CVE-2023-4527

Name: CVE-2023-4527
Creator: NVD / NIST
Published: 2023-09-18T17:15:55.067+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 1.51%

Last modified Jun 17, 2026

CVE-2023-4527 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.. EPSS estimates a 1.51% chance of exploitation in the next 30 days.

Description

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS Probability

1.51%

71.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Gnu	Glibc	>= 2.36, < 2.36.113
Gnu	Glibc	>= 2.37, < 2.37.38
Gnu	Glibc	>= 2.38, < 2.38.19
Redhat	Codeready Linux Builder Eus	9.2
Redhat	Codeready Linux Builder Eus For Power Little Endian	9.0_ppc64le
Redhat	Codeready Linux Builder Eus For Power Little Endian Eus	9.2_ppc64le
Redhat	Codeready Linux Builder For Arm64	9.0_aarch64
Redhat	Codeready Linux Builder For Arm64 Eus	9.2_aarch64
Redhat	Codeready Linux Builder For Ibm Z Systems	9.0_s390x
Redhat	Codeready Linux Builder For Ibm Z Systems Eus	9.2_s390x
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux	9.0
Redhat	Enterprise Linux Eus	8.8
Redhat	Enterprise Linux Eus	9.2
Redhat	Enterprise Linux For Arm 64	9.0_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	9.2_aarch64
Redhat	Enterprise Linux For Ibm Z Systems	8.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	8.8_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus S390x	9.2
Redhat	Enterprise Linux For Ibm Z Systems S390x	9.2
Redhat	Enterprise Linux For Power Little Endian	8.0_ppc64le
Redhat	Enterprise Linux For Power Little Endian	9.2_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	8.8_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	9.2_ppc64le
Redhat	Enterprise Linux Server Aus	9.2
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	9.2_ppc64le
Redhat	Enterprise Linux Tus	8.8
Fedoraproject	Fedora	37
Fedoraproject	Fedora	38
Fedoraproject	Fedora	39
Netapp	H300s Firmware	All versions
Netapp	H500s Firmware	All versions
Netapp	H700s Firmware	All versions
Netapp	H410s Firmware	All versions
Netapp	H410c Firmware	All versions

References

https://access.redhat.com/errata/RHSA-2023:5453Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5455Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-4527Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2234712Exploit, Issue Tracking, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/25/1Mailing List, Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5453Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5455Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-4527Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2234712Exploit, Issue Tracking, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/Mailing List, Third Party Advisory
https://security.gentoo.org/glsa/202310-03Third Party Advisory
https://security.netapp.com/advisory/ntap-20231116-0012/Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
https://cert-portal.siemens.com/productcert/html/ssa-831302.html

Timeline

Published: Sep 18, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-4527?

How severe is CVE-2023-4527?

CVE-2023-4527 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 1.51% probability of exploitation in the next 30 days.

How do I fix CVE-2023-4527?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-4527?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST