CVE-2023-4806: 
NixOS vulnerability analysis and mitigation

A flaw was found in glibc (CVE-2023-4806) that was discovered in September 2023. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This vulnerability affects glibc versions prior to 2.37-r7 (Gentoo Advisory, NVD).

The vulnerability occurs when an NSS module implements specific conditions: 1) Implements nss_gethostbyname2_r hook, 2) implements nss_getcanonname_r hook, and 3) does NOT implement nss*_gethostbyname3_r hook. The issue manifests when the resolved name returns a large number of IPv6 and IPv4 addresses, and the getaddrinfo function is called with AF_INET6 address family using AI_CANONNAME, AI_ALL and AI_V4MAPPED flags (Red Hat Bugzilla, OSS Security).

When successfully exploited, this vulnerability could result in a use-after-free condition, potentially causing an application crash or allowing read/write access to arbitrary memory. The vulnerability has been assigned a CVSS base score of 5.9 (Medium) with vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (NetApp Advisory).

The vulnerability has been fixed in glibc version 2.37-r7 and later. Various Linux distributions have released security updates to address this issue: Red Hat Enterprise Linux via RHSA-2023:5453 and RHSA-2023:5455, Fedora via updates to versions 37, 38, and 39, and Gentoo Linux in glibc versions >= 2.37-r7 (Red Hat Advisory, Gentoo Advisory).

The vulnerability was initially discovered and reported through the glibc project. Siddhesh Poyarekar, a key contributor, provided clarification on the specific conditions required for exploitation and confirmed that common NSS modules like the samba wins module are not vulnerable due to their implementation patterns (OSS Security).