CVE-2026-4437

EUVD-2026-13796
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
gnuglibc
2.34 ≤
𝑥
≤ 2.43
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bookworm
no-dsa
bookworm (security)
vulnerable
bullseye
postponed
bullseye (security)
vulnerable
forky
2.42-15
fixed
sid
2.42-16
fixed
trixie
no-dsa
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
glibc
suse enterprise desktop 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP6
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.46.1
fixed
glibc-32bit
suse enterprise desktop 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP6
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.46.1
fixed
glibc-devel
suse enterprise desktop 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP6
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.46.1
fixed
glibc-devel-32bit
suse enterprise desktop 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP6
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.46.1
fixed
glibc-devel-static
suse enterprise desktop 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP6
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.46.1
fixed
glibc-extra
suse enterprise desktop 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP6
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.46.1
fixed
glibc-i18ndata
suse enterprise desktop 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP6
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.46.1
fixed
glibc-info
suse enterprise desktop 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP6
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.46.1
fixed
glibc-lang
suse enterprise desktop 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP6
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.46.1
fixed
glibc-locale
suse enterprise desktop 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP6
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.46.1
fixed
glibc-locale-base
suse enterprise desktop 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP6
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.46.1
fixed
glibc-locale-base-32bit
suse enterprise desktop 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP6
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.46.1
fixed
glibc-profile
suse enterprise desktop 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP6
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.46.1
fixed
glibc-utils
suse enterprise desktop 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP6
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.46.1
fixed
libnsl1
suse enterprise desktop 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP6
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.46.1
fixed
libnsl1-32bit
suse enterprise desktop 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP6
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.46.1
fixed
nscd
suse enterprise desktop 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP6
2.38-150600.14.46.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.46.1
fixed
Common Weakness Enumeration
References
https://sourceware.org/bugzilla/show_bug.cgi?id=34014