2240541 – (CVE-2023-5156) CVE-2023-5156 glibc: DoS due to memory leak in getaddrinfo.c

Bug 2240541 (CVE-2023-5156) - CVE-2023-5156 glibc: DoS due to memory leak in getaddrinfo.c

Summary: CVE-2023-5156 glibc: DoS due to memory leak in getaddrinfo.c

Keywords:
Status:	NEW
Alias:	CVE-2023-5156
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2240543
Blocks:	2240548
TreeView+	depends on / blocked

Reported:	2023-09-25 07:35 UTC by TEJ RATHI
Modified:	2025-01-03 08:27 UTC (History)
CC List:	36 users (show)
Fixed In Version:	glibc 2.39
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description TEJ RATHI 2023-09-25 07:35:46 UTC

The fix for CVE-2023-4806 in upstream, introduces a memory leak in getaddrinfo.c which could lead to a Denial-of-Service.

https://sourceware.org/bugzilla/show_bug.cgi?id=30884
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebeda2d7264cc184a796

Comment 1 TEJ RATHI 2023-09-25 07:45:16 UTC

Created glibc tracking bugs for this issue:

Affects: fedora-all [bug 2240543]

Note You need to log in before you can comment on or make changes to this bug.

adudiak
agarcial
aoconnor
asegurap
bdettelb
caswilli
crarobin
dfreiber
dkuc
fjansen
ggastald
hkataria
jburrell
jmadigan
jmitchel
jsamir
jsherril
jtanner
kaycoth
kshier
luizcosta
meferrigno
ngough
nweather
pamccart
psegedy
rogbas
sbiarozk
stcannon
sthirugn
tcarlin
tkasparek
vkrizan
vkumar
vmugicag
yguenane