{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0915", "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "state": "PUBLISHED", "assignerShortName": "glibc", "dateReserved": "2026-01-13T19:02:42.388Z", "datePublished": "2026-01-15T22:08:41.630Z", "dateUpdated": "2026-01-20T16:03:52.590Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [{"lessThanOrEqual": "2.42", "status": "affected", "version": "2.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Igor Morgenstern, Aisle Research"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver."}], "value": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver."}], "impacts": [{"capecId": "CAPEC-204", "descriptions": [{"lang": "en", "value": "CAPEC-204 Lifting Sensitive Data Embedded in Cache"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-908", "description": "CWE-908 Use of Uninitialized Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc", "dateUpdated": "2026-01-15T22:08:41.630Z"}, "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33802"}], "source": {"discovery": "UNKNOWN"}, "title": "getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/01/16/6"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-01-16T17:06:43.013Z"}}, {"references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-01-20T16:03:19.464174Z", "id": "CVE-2026-0915", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T16:03:52.590Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/01/16/6"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-01-16T17:06:43.013Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-0915", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-20T16:03:19.464174Z"}}}], "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T16:03:45.360Z"}}], "cna": {"title": "getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Igor Morgenstern, Aisle Research"}], "impacts": [{"capecId": "CAPEC-204", "descriptions": [{"lang": "en", "value": "CAPEC-204 Lifting Sensitive Data Embedded in Cache"}]}], "affected": [{"vendor": "The GNU C Library", "product": "glibc", "versions": [{"status": "affected", "version": "2.0", "versionType": "custom", "lessThanOrEqual": "2.42"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33802"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "supportingMedia": [{"type": "text/html", "value": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-908", "description": "CWE-908 Use of Uninitialized Resource"}]}], "providerMetadata": {"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc", "dateUpdated": "2026-01-15T22:08:41.630Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0915", "state": "PUBLISHED", "dateUpdated": "2026-01-20T16:03:52.590Z", "dateReserved": "2026-01-13T19:02:42.388Z", "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "datePublished": "2026-01-15T22:08:41.630Z", "assignerShortName": "glibc"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "45D5C7C8-E53C-4AA3-97A6-1DFCBE5ED529", "versionEndIncluding": "2.42", "versionStartIncluding": "2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver."}], "id": "CVE-2026-0915", "lastModified": "2026-01-23T19:36:50.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-01-15T22:16:12.457", "references": [{"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "tags": ["Broken Link"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33802"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2026/01/16/6"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Broken Link"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33802"}], "sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary"}]}

{"bugzilla": {"description": "glibc: glibc: Information disclosure via zero-valued network query", "id": "2430201", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430201"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-908", "details": ["A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-0915", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-01-15T22:08:41Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-0915\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-0915\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=33802"], "statement": "This vulnerability is rated Moderate for Red Hat products. It allows for information disclosure of stack contents to a configured DNS resolver when an application utilizes `getnetbyaddr` or `getnetbyaddr_r` with a DNS backend specified in `nsswitch.conf` for a zero-valued network query. This affects Red Hat Enterprise Linux and OpenShift Container Platform.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-18T16:07:26.566676+00:00", "value": {"mitigation_remediation": ["Apply any available glibc patches or updates from the official GNU project repositories.", "Edit the nsswitch.conf file to disable the DNS backend for the \u2018networks\u2019 entry, e.g., replace \u2018dns\u2019 with \u2018files\u2019 or remove the entry entirely.", "Avoid calling getnetbyaddr or getnetbyaddr_r with a zero network value; ensure application code validates network parameters before invoking the functions."], "summary": {"action": "Immediate patch", "impact": "Information disclosure: stack contents leaked to DNS resolver"}, "threat_synthesis": {"affected_systems": "The flaw is present in GNU C Library versions 2.0 through 2.42. Any Linux system or application that links against one of these glibc releases and that has the DNS backend enabled for network lookups is potentially affected; the vulnerability resides in the library itself, not in specific applications.", "description_and_impact": "Calling getnetbyaddr or its reentrant variant while the system\u2019s nsswitch.conf directs glibc to use the DNS backend for network lookups can cause a stack\u2011based information leak. A zero\u2011valued network request triggers an out\u2011of\u2011bounds read that exposes raw stack data to the configured DNS resolver, compromising confidentiality.", "risk_and_exploitability": "The CVSS base score of 7.5 indicates moderate to high severity, while the EPSS score is less than 1%, implying a low likelihood of exploitation and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires code to invoke getnetbyaddr with a zero network address and a configuration that forwards the request to the DNS backend, which can be achieved by modifying nsswitch.conf. Attackers capable of altering system configuration or controlling DNS responses are the most likely threat actors."}}}}, "created": "2026-01-16T13:43:15.274228+00:00", "updated": "2026-04-18T16:15:04.601886+00:00", "vendors": ["gnu", "gnu$PRODUCT$glibc"]}