CNNVD-202601-2527 Information

CNNVD ID

CNNVD-202601-2527

Related CVE

CVE-2026-0915

• CNNVD Published: 2026-01-15

Description (Chinese)

GNU C Library是GNU社区的一种按照LGPL许可协议发布的开源免费的C语言编译程序。 GNU C Library 2.0版本至2.42版本存在安全漏洞，该漏洞源于使用配置了DNS后端的nsswitch.conf调用getnetbyaddr或getnetbyaddr_r查询零值网络时，可能将堆栈内容泄露给配置的DNS解析器。

Description (English)

GNU C Library is a free-of-charge C-language translation process for the GNU community issued under the LGPL licence agreement. There is a security loophole in GNU C Library Versions 2.0 to 2.42, which arises from the possibility of leaking stack contents to the configured DNS solver when using the nsswitch.conf call for the genetbyaddr or getnetbyaddr r search for a zero-value network with the configured DNS backend.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

GNU

Published

2026-01-15

Last Modified

2026-02-24

References

https://sourceware.org/bugzilla/show_bug.cgi?id=33802 https://vigilance.fr/vulnerability/GNU-C-Library-memory-reading-via-getnetbyaddr-49447

Patch

https://sourceware.org/bugzilla/show_bug.cgi?id=33802