Vulnerability-Lookup

MSRC_CVE-2026-4437

Vulnerability from csaf_microsoft - Published: 2026-03-02 00:00 - Updated: 2026-03-31 15:09

Summary

gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2026-4437

CWE-125 - Out-of-bounds Read

None Available There is no fix available for this vulnerability as of now

Vendor Fix 2.38-19:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade https://learn.microsoft.com/en-us/azure/azure-lin…

References

URL

Category

	https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self
	https://support.microsoft.com/lifecycle	external
	https://www.first.org/cvss	external
	https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-4437 gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-4437.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response",
    "tracking": {
      "current_release_date": "2026-03-31T15:09:24.000Z",
      "generator": {
        "date": "2026-04-01T07:38:22.468Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-4437",
      "initial_release_date": "2026-03-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-03-22T01:01:18.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2026-03-23T14:39:29.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "Information published."
        },
        {
          "date": "2026-03-25T01:01:14.000Z",
          "legacy_version": "3",
          "number": "3",
          "summary": "Information published."
        },
        {
          "date": "2026-03-28T14:37:28.000Z",
          "legacy_version": "4",
          "number": "4",
          "summary": "Information published."
        },
        {
          "date": "2026-03-31T15:09:24.000Z",
          "legacy_version": "5",
          "number": "5",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 glibc 2.38-19",
                "product": {
                  "name": "\u003cazl3 glibc 2.38-19",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 glibc 2.38-19",
                "product": {
                  "name": "azl3 glibc 2.38-19",
                  "product_id": "21140"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 glibc 2.38-18",
                "product": {
                  "name": "\u003cazl3 glibc 2.38-18",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 glibc 2.38-18",
                "product": {
                  "name": "azl3 glibc 2.38-18",
                  "product_id": "20895"
                }
              },
              {
                "category": "product_version_range",
                "name": "cbl2 glibc 2.35-10",
                "product": {
                  "name": "cbl2 glibc 2.35-10",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "glibc"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 glibc 2.38-19 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 glibc 2.38-19 as a component of Azure Linux 3.0",
          "product_id": "21140-17084"
        },
        "product_reference": "21140",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 glibc 2.38-18 as a component of Azure Linux 3.0",
          "product_id": "17084-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 glibc 2.38-18 as a component of Azure Linux 3.0",
          "product_id": "20895-17084"
        },
        "product_reference": "20895",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 glibc 2.35-10 as a component of CBL Mariner 2.0",
          "product_id": "17086-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-4437",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "general",
          "text": "glibc",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "21140-17084",
          "20895-17084"
        ],
        "known_affected": [
          "17084-1",
          "17084-3",
          "17086-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-4437 gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-4437.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2026-03-22T01:01:18.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-2"
          ]
        },
        {
          "category": "vendor_fix",
          "date": "2026-03-22T01:01:18.000Z",
          "details": "2.38-19:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-1",
            "17084-3"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "title": "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response"
    }
  ]
}

CVE-2026-4437 (GCVE-0-2026-4437)

Vulnerability from cvelistv5 – Published: 2026-03-20 19:59 – Updated: 2026-03-23 15:13

Title

gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response

Summary

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-125 - Out-of-bounds read

Assigner

glibc

References

URL

Tags

https://sourceware.org/bugzilla/show_bug.cgi?id=34014

Impacted products

	Vendor	Product	Version
	The GNU C Library	glibc	Affected: 2.34 , ≤ 2.43 (custom)

Date Public ?

2026-03-20 22:20

Credits

Antonio Maini (0rbitingZer0) - 0rbitingZer0@proton.me Kevin Farrell

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4437",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-23T15:10:34.650805Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-23T15:13:56.930Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "glibc",
          "vendor": "The GNU C Library",
          "versions": [
            {
              "lessThanOrEqual": "2.43",
              "status": "affected",
              "version": "2.34",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Antonio Maini (0rbitingZer0) - 0rbitingZer0@proton.me"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Kevin Farrell"
        }
      ],
      "datePublic": "2026-03-20T22:20:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eCalling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library\u0027s DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library\u0027s DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-142",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-142 DNS Cache Poisoning"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T19:59:00.427Z",
        "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
        "shortName": "glibc"
      },
      "references": [
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34014"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
    "assignerShortName": "glibc",
    "cveId": "CVE-2026-4437",
    "datePublished": "2026-03-20T19:59:00.427Z",
    "dateReserved": "2026-03-19T19:55:42.906Z",
    "dateUpdated": "2026-03-23T15:13:56.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

MSRC_CVE-2026-4437

CVE-2026-4437 (GCVE-0-2026-4437)

Tags

Sightings

Nomenclature