{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4437", "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "state": "PUBLISHED", "assignerShortName": "glibc", "dateReserved": "2026-03-19T19:55:42.906Z", "datePublished": "2026-03-20T19:59:00.427Z", "dateUpdated": "2026-03-23T15:13:56.930Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc", "dateUpdated": "2026-03-20T19:59:00.427Z"}, "title": "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "datePublic": "2026-03-20T22:20:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds read", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-142", "descriptions": [{"lang": "en", "value": "CAPEC-142 DNS Cache Poisoning"}]}], "affected": [{"vendor": "The GNU C Library", "product": "glibc", "versions": [{"status": "affected", "version": "2.34", "lessThanOrEqual": "2.43", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div>Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.<br></div>"}]}], "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34014"}], "credits": [{"lang": "en", "value": "Antonio Maini (0rbitingZer0) - 0rbitingZer0@proton.me", "type": "finder"}, {"lang": "en", "value": "Kevin Farrell", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T15:10:34.650805Z", "id": "CVE-2026-4437", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:13:56.930Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-4437", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T15:10:34.650805Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:10:49.136Z"}}], "cna": {"title": "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Antonio Maini (0rbitingZer0) - 0rbitingZer0@proton.me"}, {"lang": "en", "type": "reporter", "value": "Kevin Farrell"}], "impacts": [{"capecId": "CAPEC-142", "descriptions": [{"lang": "en", "value": "CAPEC-142 DNS Cache Poisoning"}]}], "affected": [{"vendor": "The GNU C Library", "product": "glibc", "versions": [{"status": "affected", "version": "2.34", "versionType": "custom", "lessThanOrEqual": "2.43"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-20T22:20:00.000Z", "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34014"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "supportingMedia": [{"type": "text/html", "value": "<div>Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.<br></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds read"}]}], "providerMetadata": {"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc", "dateUpdated": "2026-03-20T19:59:00.427Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4437", "state": "PUBLISHED", "dateUpdated": "2026-03-23T15:13:56.930Z", "dateReserved": "2026-03-19T19:55:42.906Z", "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "datePublished": "2026-03-20T19:59:00.427Z", "assignerShortName": "glibc"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "1ECF98C3-1D14-492E-9FE0-241B03BF8550", "versionEndIncluding": "2.43", "versionStartIncluding": "2.34", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer."}, {"lang": "es", "value": "Llamar a gethostbyaddr o gethostbyaddr_r con un nsswitch.conf configurado que especifica el backend DNS de la biblioteca en la GNU C Library versi\u00f3n 2.34 a la versi\u00f3n 2.43 podr\u00eda, con una respuesta manipulada del servidor DNS configurado, resultar en una violaci\u00f3n de la especificaci\u00f3n DNS que hace que la aplicaci\u00f3n trate una secci\u00f3n que no es de respuesta de la respuesta DNS como una respuesta v\u00e1lida."}], "id": "CVE-2026-4437", "lastModified": "2026-04-07T18:41:36.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-20T20:16:49.477", "references": [{"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34014"}], "sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary"}]}

{"bugzilla": {"description": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response", "id": "2449777", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449777"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "status": "draft"}, "cwe": "CWE-1286", "details": ["A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-4437", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-03-20T19:59:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4437\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4437\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=34014"], "statement": "This MODERATE impact flaw in glibc allows a remote attacker to send a specially crafted DNS response when an application uses `gethostbyaddr` or `gethostbyaddr_r` with glibc's DNS backend configured in `nsswitch.conf`. This can lead to incorrect interpretation of DNS responses. Red Hat Enterprise Linux versions 6, 7, 8, 9, and 10, as well as OpenShift Container Platform, are affected if applications are configured to use the vulnerable DNS backend.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[2.34,2.43]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "glibc", "source": "cna", "vendor": "The GNU C Library"}, "product": "glibc", "vendor": "the_gnu_c_library"}], "analysis": {"en": {"generated_at": "2026-04-07T23:43:11.257670+00:00", "value": {"mitigation_remediation": ["Upgrade glibc to version 2.44 or later", "Ensure that nsswitch.conf points only to trusted DNS backends or disable DNS resolution for critical services", "Restart applications that link against glibc so they load the updated library"], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in glibc versions 2.34 through 2.43, whenever the nsswitch.conf file references a DNS backend. All Linux distributions that ship these glibc releases, including Debian, Ubuntu, Red\u00a0Hill, CentOS, Fedora and others, are affected for any application that links against glibc and uses the gethostbyaddr or gethostbyaddr_r interfaces.", "description_and_impact": "A flaw in the GNU C Library\u2019s gethostbyaddr and gethostbyaddr_r functions causes them to misinterpret DNS replies when the system\u2019s name service switch points to a DNS backend. A malicious DNS server can send a crafted packet that violates the DNS specification by placing a non\u2011answer section in the answer position. The library, following its own logic, treats this section as a valid answer, potentially leading to corrupted hostname resolution or an application crash. The weakness maps to CWE\u2011125 and CWE\u20111286.", "risk_and_exploitability": "The CVSS base score of 7.5 indicates high severity. The EPSS score is below 1\u202f%, suggesting a low probability of exploitation at present. The vulnerability is not yet catalogued in CISA\u2019s KEV list. Exploitation would require control of a DNS server that the victim queries and the ability to deliver a malformed response. The likely attack vector is network\u2011based remote via DNS; this is inferred from the need for a crafted DNS reply and no requirement for local privileges."}}}}, "created": "2026-03-23T09:52:54.548596+00:00", "updated": "2026-04-08T20:01:26.737458+00:00", "vendors": ["the_gnu_c_library", "the_gnu_c_library$PRODUCT$glibc"]}