DEBIAN-CVE-2026-0915

DEBIAN-CVE-2026-0915 PUBLISHED CVSS 7.5 HIGH

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:13	glibc	2.41-12, 2.41-12, 0
Debian:14	glibc	2.42-3, 2.42-4, 2.42-5
Debian:11	glibc	2.32-0experimental0, 2.33-1, 2.33-2+qemu1
Debian:12	glibc	2.36-9+deb12u5, 2.36-9+deb12u6, 2.36-9+deb12u7

Timeline

Jan 15, 2026 CVE Published
May 16, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-0915 advisory

Open in Interactive Console →