CVE-2023-5156 - OpenCVE

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux
Gnu	Glibc

Configuration 1 [-]

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/10/03/4	Mailing List Patch
http://www.openwall.com/lists/oss-security/2023/10/03/5	Mailing List
http://www.openwall.com/lists/oss-security/2023/10/03/6	Mailing List
http://www.openwall.com/lists/oss-security/2023/10/03/8	Mailing List Patch
https://access.redhat.com/security/cve/CVE-2023-5156	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2240541	Issue Tracking Patch
https://security.gentoo.org/glsa/202402-01	Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=30884	Issue Tracking Patch
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebeda2d7264cc184a796	Mailing List Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2023-09-25T15:55:15.558Z

Updated: 2024-04-25T15:04:12.336Z

Reserved: 2023-09-25T07:15:13.621Z

Link: CVE-2023-5156

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-09-25T16:15:15.613

Modified: 2024-02-23T16:01:18.390

Link: CVE-2023-5156

JSON object: View

Redhat Information

No data.

CWE

CWE-401

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-5156", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-09-25T07:15:13.621Z", "datePublished": "2023-09-25T15:55:15.558Z", "dateUpdated": "2024-04-25T15:04:12.336Z"}, "containers": {"cna": {"title": "Glibc: dos due to memory leak in getaddrinfo.c", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "compat-glibc", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glibc", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "compat-glibc", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glibc", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glibc", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glibc", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "http://www.openwall.com/lists/oss-security/2023/10/03/4"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/03/5"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/03/6"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/03/8"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5156", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240541", "name": "RHBZ#2240541", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://security.gentoo.org/glsa/202402-01"}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=30884"}, {"url": "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebeda2d7264cc184a796"}], "datePublic": "2023-09-25T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-401", "description": "Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime", "timeline": [{"lang": "en", "time": "2023-09-25T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-09-25T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Romain Geissler for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-04-25T15:04:12.336Z"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "71609239-5262-473E-ACCE-18AE51AB184E", "versionEndExcluding": "2.39", "versionStartIncluding": "2.34", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en la librer\u00eda GNU C. Una soluci\u00f3n reciente para CVE-2023-4806 introdujo la posibilidad de una p\u00e9rdida de memoria, lo que puede provocar un bloqueo de la aplicaci\u00f3n."}], "id": "CVE-2023-5156", "lastModified": "2024-02-23T16:01:18.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2023-09-25T16:15:15.613", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2023/10/03/4"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2023/10/03/5"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2023/10/03/6"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2023/10/03/8"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-5156"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240541"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202402-01"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=30884"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch"], "url": "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebeda2d7264cc184a796"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-401"}], "source": "secalert@redhat.com", "type": "Secondary"}]}