CVEFinder.io

CVE-2026-4438

🔶 medium
🔍 Scan for this CVE
Summary

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

CVSS Score
5.4
Medium
EPSS Score
0.1
Exploit Probability
Published Date
2026-03-20
First Seen: 2026-03-21
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 22.8% of all 329,456 vulnerabilities in our database.

#254,389
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Mar 23, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
Antonio Maini (0rbitingZer0) - 0rbitingZer0@proton.me
SSVC data provided by CISA
Last Modified 2026-04-07
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE IDs (Weakness Types)
CWE-20 CWE-88

📦 Affected Products 1

Vendor Product Status Affected Versions
gnu glibc Affected
> 2.34 < 2.43

🔗 References 1

https://sourceware.org/bugzilla/show_bug.cgi?id=34015
Exploit Issue Tracking Patch

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-6238 🔶 medium 6.5 0.3 The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.0.1 to version 2.43 fail t... 2026-04-28
CVE-2026-5435 ⚠️ high 7.3 0.1 The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforc... 2026-04-28
CVE-2026-4046 ⚠️ high 7.5 0.0 The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when convertin... 2026-03-30
CVE-2026-4437 ⚠️ high 7.5 0.1 Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the... 2026-03-20
CVE-2026-3904 🔶 medium 6.2 0.0 Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library ... 2026-03-11
CVE-2025-15281 ⚠️ high 7.5 0.1 Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cau... 2026-01-20
These CVEs affect the same products