PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-4527 Redhat CVE debrief

CVE-2023-4527 is a glibc flaw that can leak limited stack contents and trigger a crash when getaddrinfo is used with AF_UNSPEC on systems configured for no-aaaa mode. The issue is network-triggered, has no user interaction requirement, and is tracked by NVD with a medium CVSS score of 6.5.

Vendor
Redhat
Product
CVE-2023-4527
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2023-09-18
Original CVE updated
2026-05-12
Advisory published
2023-09-18
Advisory updated
2026-05-12

Who should care

Administrators and platform teams running glibc-based Linux systems, especially Red Hat, Fedora, and other downstream products listed in the CVE record, should care most if their systems use no-aaaa mode in /etc/resolv.conf and rely on DNS resolution through getaddrinfo.

Technical summary

According to the CVE description, when getaddrinfo is called with AF_UNSPEC and the resolver is configured with no-aaaa mode, a TCP DNS response larger than 2048 bytes can cause the returned address data to disclose stack contents and may also crash the calling process. NVD maps the issue primarily to CWE-125 (out-of-bounds read), while Red Hat also lists CWE-121 (stack-based buffer overflow). The NVD record’s CVSS vector is AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H: network-reachable with high attack complexity, no privileges or user interaction required, low confidentiality impact, no integrity impact, and high availability impact.

Defensive priority

Medium

Recommended defensive actions

  • Apply vendor security updates that include the glibc fix, using the relevant Red Hat, Fedora, or downstream product advisory for your environment.
  • Review whether no-aaaa mode is actually required in /etc/resolv.conf; if it is not needed, remove or minimize its use as part of hardening and risk reduction.
  • Identify systems and services that depend on getaddrinfo for DNS resolution and prioritize patching where crashes or data exposure would have the highest operational impact.
  • Validate package versions against the affected glibc ranges in the NVD record, including 2.36 before 2.36.113, 2.37 before 2.37.38, and 2.38 before 2.38.19.
  • Monitor for resolver-related crashes or unusual service failures until remediation is complete.
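The two checks above that lend themselves to automation are the /etc/resolv.conf review and the version comparison. The following is an added example, not PatchSiren's or the glibc project's code: it parses resolv.conf text for an options line that enables no-aaaa and compares a glibc version against the ranges quoted in this record. The affected ranges are taken verbatim from this record (2.36 before 2.36.113, 2.37 before 2.37.38, 2.38 before 2.38.19) and may not line up with a distribution's backported package versions, so a "fixed" result from the version check is a triage aid, not a substitute for the vendor advisory. The resolv.conf and ldd output samples are constructed for the example.

```python
"""
Added example (not PatchSiren's or glibc's code): offline triage for two of
the recommended actions, the no-aaaa review and the glibc version check.

Assumptions, labelled:
  - AFFECTED_RANGES copies the ranges quoted in this record; vendor package
    versions with backports may differ, so treat the result as first-pass triage.
  - resolv.conf is parsed per resolv.conf(5): comment lines start with '#' or
    ';', and an 'options' line holds whitespace-separated option names.
"""
import re
from typing import Optional

# (major, minor) series -> first fixed version in that series, as quoted on this page.
AFFECTED_RANGES = {
    (2, 36): (2, 36, 113),
    (2, 37): (2, 37, 38),
    (2, 38): (2, 38, 19),
}


def parse_version(text: str) -> tuple:
    """Extract the first dotted numeric version from text such as
    'ldd (GNU libc) 2.38' or 'glibc-2.38.19' and return it as a tuple of ints."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected_version(version: tuple) -> Optional[bool]:
    """True if the version falls inside a quoted affected range, False if it is at
    or above the fix for a listed series, None if the series (e.g. 2.34 or 2.39)
    is not one the record lists and must be checked against vendor data."""
    series = tuple(version[:2])
    if series not in AFFECTED_RANGES:
        return None
    fixed = AFFECTED_RANGES[series]
    # Pad to three components so a bare '2.38' compares as (2, 38, 0).
    padded = tuple(version) + (0,) * max(0, 3 - len(version))
    return padded[:3] < fixed


def no_aaaa_enabled(resolv_conf: str) -> bool:
    """Return True if any non-comment 'options' line enables no-aaaa."""
    for raw in resolv_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # comment or blank line per resolv.conf(5)
        parts = line.split()
        if parts[0] == "options" and "no-aaaa" in parts[1:]:
            return True
    return False


def triage(resolv_conf: str, version_text: str) -> str:
    """Combine both checks into a single triage verdict string."""
    affected = is_affected_version(parse_version(version_text))
    exposed = no_aaaa_enabled(resolv_conf)
    if affected is None:
        return "series not in record; check vendor advisory"
    if affected and exposed:
        return "patch now: affected glibc and no-aaaa enabled"
    if affected:
        return "patch: affected glibc (no-aaaa not set)"
    if exposed:
        return "fixed glibc; review whether no-aaaa is still needed"
    return "fixed glibc; no-aaaa not set"


# Constructed sample inputs; not taken from any real host.
SAMPLE_RESOLV_CONF = """# constructed sample
nameserver 192.0.2.53
search example.test
options timeout:2 no-aaaa attempts:3
"""
SAMPLE_LDD_OUTPUT = "ldd (GNU libc) 2.38"

if __name__ == "__main__":
    print(triage(SAMPLE_RESOLV_CONF, SAMPLE_LDD_OUTPUT))
```

On a live host the two inputs would come from reading /etc/resolv.conf and from `ldd --version` (or the package manager), but note that `ldd --version` reports only the upstream release and not the distribution's backport level, which is why a "fixed" verdict still needs the vendor advisory to confirm.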

Evidence notes

The CVE record’s publishedAt timestamp is 2023-09-18T17:15:55.067Z, and the NVD record was last modified on 2026-05-12T11:16:15.747Z; those dates reflect the record’s lifecycle, not when the underlying defect was introduced. The supplied NVD data lists the CVSS 3.1 vector AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H and identifies CWE-125 as the primary weakness. The record also includes downstream CPEs for Red Hat, Fedora, and NetApp products, along with glibc version ranges ending before 2.36.113, 2.37.38, and 2.38.19.

Official resources

Publicly disclosed in the CVE/NVD and vendor advisories on 2023-09-18; later record updates were published on 2026-05-12. No Known Exploited Vulnerabilities listing is provided in the supplied data.