VDB
DEBIAN-CVE-2026-4438
DEBIAN-CVE-2026-4438
PUBLISHED
CVSS 5.400000095367432 MEDIUM
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.
Risk Scores
CVSS v3.1
5.400000095367432
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | glibc | 0, 2.41-12, 2.41-13~hurd.1 |
| Debian:11 | glibc | 2.31-13, 2.31-13+deb11u1, 2.31-13+deb11u11 |
| Debian:12 | glibc | 0, 2.36-9, 2.36-9+deb12u1 |
| Debian:13 | glibc | 0, 2.41-12, 2.41-12+deb13u2 |
Timeline
- Mar 20, 2026 CVE Published
- May 16, 2026 CVE Updated