Bug 1215714 (CVE-2023-5156)

Summary:	VUL-0: CVE-2023-5156: glibc: DoS due to memory leak in getaddrinfo.c
Product:	[Novell Products] SUSE Security Incidents	Reporter:	SMASH SMASH <smash_bz>
Component:	Incidents	Assignee:	Andreas Schwab <schwab>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Minor
Priority:	P3 - Medium	CC:	cathy.hu, stoyan.manolov
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/379740/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-5156:3.7:(AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Bug Depends on:
Bug Blocks:	1215281

Description SMASH SMASH 2023-09-26 08:37:31 UTC

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced
the potential for a memory leak, which may result in an application crash.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5156
https://bugzilla.redhat.com/show_bug.cgi?id=2240541
https://access.redhat.com/security/cve/CVE-2023-5156
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebeda2d7264cc184a796

Comment 1 Cathy Hu 2023-09-26 08:40:44 UTC

Tracking as affected (since the memory leak and CVE-2023-4806 need to be fixed):
- SUSE:ALP:Source:Standard:1.0/glibc  2.37  
- openSUSE:Factory/glibc              2.38

Tracking as not affected:
- SUSE:Carwos:1/glibc                 2.26  
- SUSE:SLE-11-SP3:Update/glibc        2.11.3
- SUSE:SLE-12-SP2:Update/glibc        2.22  
- SUSE:SLE-12-SP4:Update/glibc        2.22  
- SUSE:SLE-15-SP3:Update/glibc        2.31  
- SUSE:SLE-15:Update/glibc            2.26