wid-sec-w-2026-0817 · Published 2026-03-22 · View on BSI CERT-Bund ↗

GNU libc: Multiple Vulnerabilities allow Manipulation from DNS Antworten

CVSS 7.5 HIGH

Risk Summary

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer. Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

CVEs (2)

CVE-2026-4437 CVE-2026-4438

Affected Vendors

Open Source

Affected Products (1)

Open Source · GNU libc 2.34-2.43

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more