CVE-2026-4438

MEDIUM

5.4

Description

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

CVE Details

CVSS v3.1 Score5.4

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack VectorADJACENT_NETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published3/20/2026

Last Modified4/7/2026

Sourcenvd

Honeypot Sightings0

Affected Products

gnu:glibc

Weaknesses (CWE)

CWE-20CWE-88

References

https://sourceware.org/bugzilla/show_bug.cgi?id=34015(3ff69d7a-14f2-4f67-a097-88dee7810d18)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.