How severe is CVE-2023-4806?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2023-4806?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2023-4806 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Related Vulnerabilities

CVE-2016-7180

MEDIUM

CVSS:5.9(Medium)

epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial o...

CWE-4162016

CVE-2016-9373

MEDIUM

CVSS:5.9(Medium)

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dce...

CWE-4162016

CVE-2017-12133

MEDIUM

CVSS:5.9(Medium)

Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors rela...

CWE-4162017

CVE-2017-15271

MEDIUM

CVSS:5.9(Medium)

A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically rest...

CWE-4162017

CVE-2018-11412

MEDIUM

CVSS:5.9(Medium)

In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stor...

CWE-4162018

CVE-2020-8649

MEDIUM

CVSS:5.9(Medium)

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.

CWE-4162020