Bug 2449777 (CVE-2026-4437) - CVE-2026-4437 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response
Summary: CVE-2026-4437 glibc: glibc: Incorrect DNS response parsing via crafted DNS se...
Keywords:
Status: NEW
Alias: CVE-2026-4437
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2450228 2450230 2450232 2450234 2450236 2450237
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-03-20 21:02 UTC by OSIDB Bzimport
Modified: 2026-06-01 15:46 UTC (History)
7 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2026:21155 0 None None None 2026-05-26 21:42:56 UTC
Red Hat Product Errata RHBA-2026:21156 0 None None None 2026-05-26 21:54:52 UTC
Red Hat Product Errata RHBA-2026:21321 0 None None None 2026-05-27 13:03:24 UTC
Red Hat Product Errata RHBA-2026:21324 0 None None None 2026-05-27 15:20:17 UTC
Red Hat Product Errata RHBA-2026:21455 0 None None None 2026-05-27 21:11:44 UTC
Red Hat Product Errata RHBA-2026:21738 0 None None None 2026-05-28 11:14:11 UTC
Red Hat Product Errata RHSA-2026:19061 0 None None None 2026-05-19 13:07:20 UTC
Red Hat Product Errata RHSA-2026:20597 0 None None None 2026-05-26 08:53:45 UTC

Description OSIDB Bzimport 2026-03-20 21:02:13 UTC
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.

Comment 3 errata-xmlrpc 2026-05-19 13:07:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19061 https://access.redhat.com/errata/RHSA-2026:19061

Comment 4 errata-xmlrpc 2026-05-26 08:53:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:20597 https://access.redhat.com/errata/RHSA-2026:20597


Note You need to log in before you can comment on or make changes to this bug.