2430201 – (CVE-2026-0915) CVE-2026-0915 glibc: glibc: Information disclosure via zero-valued network query

Bug 2430201 (CVE-2026-0915) - CVE-2026-0915 glibc: glibc: Information disclosure via zero-valued network query

Summary: CVE-2026-0915 glibc: glibc: Information disclosure via zero-valued network query

Keywords:
Status:	NEW
Alias:	CVE-2026-0915
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2430319 2430321 2430317 2430318 2430320 2430322
Blocks:
TreeView+	depends on / blocked

Reported:	2026-01-15 23:01 UTC by OSIDB Bzimport
Modified:	2026-01-16 08:19 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-01-15 23:01:50 UTC

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Note You need to log in before you can comment on or make changes to this bug.