2023-09-18 18:00:28 +00:00
{
"id" : "CVE-2023-4527" ,
"sourceIdentifier" : "secalert@redhat.com" ,
"published" : "2023-09-18T17:15:55.067" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T08:35:21.017" ,
2024-09-16 16:03:16 +00:00
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-09-18 18:00:28 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash."
2023-10-04 12:00:29 +00:00
} ,
{
"lang" : "es" ,
"value" : "Se encontr\u00f3 una falla en glibc. Cuando se llama a la funci\u00f3n getaddrinfo con la familia de direcciones AF_UNSPEC y el sistema est\u00e1 configurado con el modo no-aaaa a trav\u00e9s de /etc/resolv.conf, una respuesta DNS a trav\u00e9s de TCP de m\u00e1s de 2048 bytes puede potencialmente revelar el contenido de la pila de memoria a trav\u00e9s de los datos de la direcci\u00f3n devuelta por la funci\u00f3n, y puede provocar un crash."
2023-09-18 18:00:28 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2023-09-21 18:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "secalert@redhat.com" ,
"type" : "Secondary" ,
2023-09-21 18:00:28 +00:00
"cvssData" : {
"version" : "3.1" ,
2023-09-22 18:00:27 +00:00
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM" ,
2023-09-21 18:00:28 +00:00
"attackVector" : "NETWORK" ,
2023-09-22 18:00:27 +00:00
"attackComplexity" : "HIGH" ,
2023-09-21 18:00:28 +00:00
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2023-09-21 18:00:28 +00:00
} ,
2023-09-22 18:00:27 +00:00
"exploitabilityScore" : 2.2 ,
2023-09-21 18:00:28 +00:00
"impactScore" : 4.2
} ,
2023-09-18 18:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-09-18 18:00:28 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM" ,
2023-09-18 18:00:28 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "HIGH" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2023-09-18 18:00:28 +00:00
} ,
"exploitabilityScore" : 2.2 ,
"impactScore" : 4.2
}
]
} ,
2023-09-21 18:00:28 +00:00
"weaknesses" : [
{
2024-12-08 03:06:42 +00:00
"source" : "secalert@redhat.com" ,
"type" : "Secondary" ,
2023-09-21 18:00:28 +00:00
"description" : [
{
"lang" : "en" ,
2024-12-08 03:06:42 +00:00
"value" : "CWE-121"
2023-09-21 18:00:28 +00:00
}
]
2023-11-07 21:03:21 +00:00
} ,
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-11-07 21:03:21 +00:00
"description" : [
{
"lang" : "en" ,
2024-12-08 03:06:42 +00:00
"value" : "CWE-125"
2023-11-07 21:03:21 +00:00
}
]
2023-09-21 18:00:28 +00:00
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.39" ,
"matchCriteriaId" : "9B07E72A-FA10-49C2-BBE3-468AF836A462"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
2023-10-29 09:06:41 +00:00
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "936B046D-ADEB-4701-8957-AC28CFA9C5C9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "98638583-9933-42F2-964E-7F8E7CF36918"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "056DABF5-0C1D-4EBA-B02B-443BACB20D6F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "910C9542-26FC-4635-9351-128727971830"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "09AAD850-019A-46B8-A5A1-845DE048D30A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CA3C5EAE-267F-410F-8AFA-8F5B68A9E617"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "86034E5B-BCDD-4AFD-A460-38E790F608F5"
} ,
2023-09-21 18:00:28 +00:00
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F4CFF558-3C47-480D-A2F0-BABF26042943"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
2023-10-29 09:06:41 +00:00
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "62C31522-0A17-4025-B269-855C7F4B45C2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3C74F6FA-FA6C-4648-9079-91446E45EE47"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9A879F9F-F087-45D4-BD65-2990276477D2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "32AF225E-94C0-4D07-900C-DD868C05F554"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "22C65F53-D624-48A9-A9B7-4C78A31E19F9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AA1F902F-1AD5-489F-B420-A3574D1880B9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "EEAC443B-622E-49FB-8C0F-2864B7EF5F80"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "23D471AC-7DCA-4425-AD91-E5D928753A8C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "ED521457-498F-4E43-B714-9A3F2C3CD09A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F91F9255-4EE1-43C7-8831-D2B6C228BFD9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "99952557-C766-4B9E-8BF5-DBBA194349FF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F32CA554-F9D7-425B-8F1C-89678507F28C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CC6A25CB-907A-4D05-8460-A2488938A8BE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "22D28543-C7C5-46B0-B909-20435AF7A501"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
2023-09-21 18:00:28 +00:00
}
]
}
]
2023-12-28 17:00:28 +00:00
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
2023-12-28 17:00:28 +00:00
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
2023-12-28 17:00:28 +00:00
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
2023-12-28 17:00:28 +00:00
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
2023-12-28 17:00:28 +00:00
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "56409CEC-5A1E-4450-AA42-641E459CC2AF"
2023-12-28 17:00:28 +00:00
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
2023-12-28 17:00:28 +00:00
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
2023-12-28 17:00:28 +00:00
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8497A4C9-8474-4A62-8331-3FE862ED4098"
2023-12-28 17:00:28 +00:00
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31"
2023-12-28 17:00:28 +00:00
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
2023-12-28 17:00:28 +00:00
}
]
}
]
2023-09-21 18:00:28 +00:00
}
] ,
2023-09-18 18:00:28 +00:00
"references" : [
2023-10-05 18:01:48 +00:00
{
"url" : "https://access.redhat.com/errata/RHSA-2023:5453" ,
2023-10-29 09:06:41 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-10-05 18:01:48 +00:00
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2023:5455" ,
2023-10-29 09:06:41 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-10-05 18:01:48 +00:00
} ,
2023-09-18 18:00:28 +00:00
{
"url" : "https://access.redhat.com/security/cve/CVE-2023-4527" ,
2023-09-21 18:00:28 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-09-18 18:00:28 +00:00
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2234712" ,
2023-09-21 18:00:28 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Exploit" ,
"Issue Tracking" ,
"Third Party Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2023/09/25/1" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2023:5453" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2023:5455" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://access.redhat.com/security/cve/CVE-2023-4527" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2234712" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Exploit" ,
"Issue Tracking" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://security.gentoo.org/glsa/202310-03" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://security.netapp.com/advisory/ntap-20231116-0012/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
2023-09-18 18:00:28 +00:00
}
]
}
