CVE-2023-4806: Glibc: potential use-after-free in getaddrinfo()
A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
Security readout for executives and security teams
Plain-English summary
CVE-2023-4806 is a glibc resolver bug that can crash applications in a narrow name-resolution scenario. The business impact is availability, not data theft or integrity loss. Red Hat rates it medium with high attack complexity, and the provided sources do not show known active exploitation.
Executive priority
Treat as a scheduled but important availability fix. It does not warrant emergency response without local exposure indicators, but glibc’s central role means patch coverage should be tracked carefully.
Technical view
The flaw is a potential use-after-free in getaddrinfo(). It is only described as exploitable with specific NSS hook coverage, a large mixed IPv6/IPv4 response, and AF_INET6 with AI_CANONNAME, AI_ALL, and AI_V4MAPPED. Impact is application crash from freed memory access.
Likely exposure
Most likely exposure is Linux systems using affected glibc packages, especially listed Red Hat Enterprise Linux 7, 8, 8.6 EUS, 9, and Red Hat Virtualization builds. Risk increases where custom or unusual NSS modules are used.
Exploitation context
The source bundle marks KEV false and provides no cited evidence of active exploitation. The described prerequisites are narrow and high complexity, but the affected component is widely deployed and can affect service availability.
Researcher notes
The key uncertainty is practical reachability. Validation should focus on NSS module behavior and whether applications can trigger the specific getaddrinfo() flag combination. Do not assume exploitability from glibc presence alone.
Mitigation direction
Apply vendor glibc updates from relevant Red Hat, Fedora, Gentoo, NetApp, or Siemens guidance.
Prioritize internet-facing or business-critical services that perform frequent DNS/name resolution.
Review use of custom or third-party NSS modules on affected Linux hosts.
If updates are not available, monitor vendor advisories for supported remediation guidance.
Validation and detection
Inventory glibc or compat-glibc versions against the affected package versions in vendor advisories.
Identify systems using custom NSS modules or non-default name-service configurations.
Confirm patched package versions after maintenance using approved asset or package-management records.
Review service crash logs for resolver-related application failures around name-resolution activity.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-416: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-416 · source CWE mapping
Use After Free
Use After Free represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.