CVE-2026-4437

Published: Mar 20, 2026 Last Modified: Mar 20, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.

125

Out-of-bounds Read

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Availability Other

Potential Impacts:

Read Memory Bypass Protection Mechanism Dos: Crash, Exit, Or Restart Varies By Context

Applicable Platforms

Languages: C, C++, Memory-Unsafe

Technologies: ICS/OT

View CWE Details

https://sourceware.org/bugzilla/show_bug.cgi?id=34014

CVE-2026-4437

Description

Out-of-bounds Read

Common Consequences

Applicable Platforms

Iscriviti alla newsletter