CVE-2026-4438

{"id": "CVE-2026-4438", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2026-03-20T20:16:49.623", "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34015", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-88"}]}], "descriptions": [{"lang": "en", "value": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification."}, {"lang": "es", "value": "Llamar a gethostbyaddr o gethostbyaddr_r con un nsswitch.conf configurado que especifica el backend DNS de la biblioteca en la biblioteca GNU C versi\u00f3n 2.34 a la versi\u00f3n 2.43 podr\u00eda resultar en que se devuelva un nombre de host DNS no v\u00e1lido al llamador en violaci\u00f3n de la especificaci\u00f3n DNS."}], "lastModified": "2026-03-23T15:16:35.680", "sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}