CVEFinder.io

CVE-2026-6238

🔶 medium

Description

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.

These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.
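The class of check the description says is missing, shown as an added example. It is not glibc code and not the upstream fix. The helper name `rdata_len_ok` is hypothetical, the field layouts assumed are those of RFC 1876 (LOC), RFC 4398 (CERT) and RFC 2874 (A6), and TKEY/TSIG are left out:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RR type codes from the IANA DNS parameters registry. */
enum { RR_LOC = 29, RR_CERT = 37, RR_A6 = 38 };

/* Hypothetical helper (not a glibc interface): returns 1 only when the
 * RDATA lies inside the message and is long enough for the fixed-layout
 * fields a printer would read for this type; returns 0 otherwise.
 * TKEY and TSIG start with a domain name and are not covered here. */
int rdata_len_ok(const uint8_t *msg, size_t msglen, size_t off,
                 uint16_t type, uint16_t rdlen)
{
    if (off > msglen || rdlen > msglen - off)
        return 0;                       /* RDLENGTH runs past the packet */
    const uint8_t *rd = msg + off;

    switch (type) {
    case RR_CERT:                       /* type(2) key tag(2) algorithm(1) */
        return rdlen >= 5;
    case RR_LOC:                        /* version 0 is exactly 16 octets */
        return rdlen == 16 && rd[0] == 0;
    case RR_A6: {
        if (rdlen < 1 || rd[0] > 128)   /* prefix length is 0..128 bits */
            return 0;
        size_t suffix = (size_t)(128 - rd[0] + 7) / 8;
        /* a non-zero prefix length is followed by a prefix name (>= 1 octet) */
        return rdlen >= 1 + suffix + (rd[0] ? 1u : 0u);
    }
    default:
        return 0;                       /* layout not checked by this sketch */
    }
}

/* Constructed sample RDATA, not captured traffic. */
static const uint8_t sample_loc[16] = { 0 };   /* LOC version 0, all zeros */
static const uint8_t sample_a6[17]  = { 0 };   /* A6 with prefix length 0 */

int main(void)
{
    printf("LOC full:  %d\n", rdata_len_ok(sample_loc, 16, 0, RR_LOC, 16));
    printf("LOC short: %d\n", rdata_len_ok(sample_loc, 16, 0, RR_LOC, 4));
    printf("A6 short:  %d\n", rdata_len_ok(sample_a6, 17, 0, RR_A6, 10));
    return 0;
}
```

A record that fails the check should be skipped or dumped as opaque bytes bounded by the message length, never handed to a type-specific printer.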

CVSS Score: 6.5 (Medium)
EPSS Score (Exploit Probability): 0.3
Published Date: 2026-04-28
First Seen: 2026-05-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 47.8% of all 329,456 vulnerabilities in our database.

#172,059
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment (Updated: Apr 28, 2026)
Exploitation Status: None (no known exploits)
Automatable: Yes (can be exploited automatically)
Technical Impact: Partial (limited system impact)
SSVC data provided by CISA

Last Modified: 2026-06-19
Source: NVD
CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
🔗 Related CVEs 6

| CVE ID | Severity | CVSS | EPSS | Summary | Published |
|---|---|---|---|---|---|
| CVE-2026-5435 | ⚠️ high | 7.3 | 0.1 | The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforc... | 2026-04-28 |
| CVE-2026-4046 | ⚠️ high | 7.5 | 0.0 | The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when convertin... | 2026-03-30 |
| CVE-2026-4437 | ⚠️ high | 7.5 | 0.1 | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the... | 2026-03-20 |
| CVE-2026-4438 | 🔶 medium | 5.4 | 0.1 | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the... | 2026-03-20 |
| CVE-2026-3904 | 🔶 medium | 6.2 | 0.0 | Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library ... | 2026-03-11 |
| CVE-2025-15281 | ⚠️ high | 7.5 | 0.1 | Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cau... | 2026-01-20 |

These CVEs affect the same products