Skip to main content

Glibc CVE-2026-4438

| EUVDEUVD-2026-13798 MEDIUM
Improper Input Validation (CWE-20)
2026-03-20 glibc
5.4
CVSS 3.1 · Vendor: glibc
Share

Severity by source

Vendor (glibc) PRIMARY
5.4 MEDIUM
AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
SUSE
MEDIUM
qualitative
Red Hat
4.0 LOW
qualitative

Primary rating from Vendor (glibc).

CVSS VectorVendor: glibc

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 20, 2026 - 20:15 euvd
EUVD-2026-13798
Analysis Generated
Mar 20, 2026 - 20:15 vuln.today
CVE Published
Mar 20, 2026 - 19:59 nvd
MEDIUM 5.4

DescriptionCVE.org

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

AnalysisAI

The GNU C Library (glibc) versions 2.34 through 2.43 contain a vulnerability in the gethostbyaddr and gethostbyaddr_r functions that can return invalid DNS hostnames violating DNS specification requirements when using a configured nsswitch.conf with the DNS backend. This affects any application or system service relying on reverse DNS lookups through glibc, potentially leading to information disclosure or incorrect hostname resolution. While no CVSS score, EPSS probability, or active exploitation status has been publicly assigned, the vulnerability represents a data integrity issue in a foundational system library affecting millions of Linux systems.

Technical ContextAI

The vulnerability resides in the GNU C Library (glibc), a critical component providing the C standard library and system call interfaces for POSIX-compliant operating systems. Specifically, the gethostbyaddr and gethostbyaddr_r functions perform reverse DNS lookups by querying DNS infrastructure to resolve IP addresses to hostnames. The affected versions (2.34 through 2.43, identified via CPE cpe:2.3:a:the_gnu_c_library:glibc:*:*:*:*:*:*:*:*) contain a flaw in DNS response processing when nsswitch.conf explicitly configures the DNS backend for address-to-name resolution. The root cause is classified as CWE-20 (Improper Input Validation), indicating that glibc fails to properly validate or sanitize DNS responses, allowing malformed or non-compliant DNS hostnames to be returned to callers. This violates RFC 1035 DNS naming conventions and can propagate invalid data throughout the application stack.

RemediationAI

Upgrade glibc to version 2.44 or later, which contains the fix for invalid DNS hostname validation in the gethostbyaddr and gethostbyaddr_r functions. For Debian and Ubuntu systems, run apt-get update && apt-get upgrade libc6 to the latest patched version. For RHEL and Fedora, use yum/dnf update glibc to version 2.44 or later. For Alpine Linux, update musl-c or glibc package to the patched version. Verify the installed glibc version using ldd --version or dpkg -l | grep libc6. Until patching is complete, monitor nsswitch.conf configurations and consider restricting DNS backend usage to trusted, validated resolvers where possible. For systems unable to immediately patch, validate all reverse DNS lookups through application-level checks to ensure hostname compliance with DNS specifications before using them in security-sensitive operations.

More in Glibc

View all
CVE-2015-0235 CRITICAL POC
10.0 Jan 28

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18,

CVE-2015-7547 HIGH POC
8.1 Feb 18

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C

CVE-2023-6246 HIGH POC
8.4 Jan 31

Local privilege escalation in GNU glibc 2.36 and newer arises from a heap-based buffer overflow in __vsyslog_internal, r

CVE-2014-5119 HIGH POC
7.5 Aug 29

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-depe

CVE-2012-4412 HIGH POC
7.5 Oct 09

Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-depende

CVE-2018-1000001 HIGH POC
7.8 Jan 31

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before th

CVE-2023-25139 CRITICAL POC
9.8 Feb 03

sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct

CVE-2021-33574 CRITICAL POC
9.8 May 25

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. Rated critical seve

CVE-2019-1010022 CRITICAL POC
9.8 Jul 15

GNU Libc current is affected by: Mitigation bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely e

CVE-2019-9169 CRITICAL POC
9.8 Feb 26

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer ove

CVE-2017-1000366 HIGH POC
7.8 Jun 19

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causin

CVE-2014-9402 HIGH POC
7.8 Feb 24

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Se

Vendor StatusVendor

Debian

glibc
Release Status Fixed Version Urgency
bullseye vulnerable 2.31-13+deb11u11 -
bullseye (security) vulnerable 2.31-13+deb11u13 -
bookworm vulnerable 2.36-9+deb12u13 -
bookworm (security) vulnerable 2.36-9+deb12u7 -
trixie vulnerable 2.41-12+deb13u2 -
forky, sid vulnerable 2.42-13 -
(unstable) fixed (unfixed) -

SUSE

Severity: Medium
Product Status
Container rancher/elemental-channel/sl-micro:6.0-baremetal Container rancher/elemental-channel/sl-micro:6.0-base Container rancher/elemental-channel/sl-micro:6.0-kvm Container rancher/elemental-channel/sl-micro:6.0-rt Container suse/sl-micro/6.0/baremetal-iso-image:2.1.4-6.152 Container suse/sl-micro/6.0/base-iso-image:2.1.4-5.152 Container suse/sl-micro/6.0/kvm-iso-image:2.1.4-6.159 Container suse/sl-micro/6.0/rt-iso-image:2.1.4-6.151 Container suse/sl-micro/6.1/baremetal-iso-image:2.2.1-5.97 Container suse/sl-micro/6.1/base-iso-image:2.2.1-5.114 Container suse/sl-micro/6.1/kvm-iso-image:2.2.1-5.127 Container suse/sl-micro/6.1/rt-iso-image:2.2.1-5.101 Affected
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.158 Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-EC2 Affected
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.125 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.142 Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.156 Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.88 Container suse/sl-micro/6.1/base-os-container:2.2.1-5.112 Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.114 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.102 Image SL-Micro Image SL-Micro-Base Image SL-Micro-Base-RT Image SL-Micro-Base-RT-SelfInstall Image SL-Micro-Base-RT-encrypted Image SL-Micro-Base-SelfInstall Image SL-Micro-Base-encrypted Image SL-Micro-Base-qcow Image SL-Micro-Default Image SL-Micro-Default-SelfInstall Image SL-Micro-Default-encrypted Image SL-Micro-Default-qcow Image SLE-Micro-BYOS-GCE Image SLE-Micro-GCE Affected
Container suse/sl-micro/6.0/toolbox:13.2-9.93 Affected
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

CVE-2026-4438 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy