CVE-2023-4806: 
NixOS vulnerability analysis and mitigation

A flaw was found in glibc (CVE-2023-4806) that was discovered in September 2023. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This vulnerability affects glibc versions prior to 2.37-r7 (Gentoo Advisory, NVD).

The vulnerability occurs when an NSS module implements specific conditions: 1) Implements nssgethostbyname2r hook, 2) implements nssgetcanonnamer hook, and 3) does NOT implement nss*gethostbyname3r hook. The issue manifests when the resolved name returns a large number of IPv6 and IPv4 addresses, and the getaddrinfo function is called with AFINET6 address family using AICANONNAME, AIALL and AIV4MAPPED flags (Red Hat Bugzilla, OSS Security).

When successfully exploited, this vulnerability could result in a use-after-free condition, potentially causing an application crash or allowing read/write access to arbitrary memory. The vulnerability has been assigned a CVSS base score of 5.9 (Medium) with vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (NetApp Advisory).

The vulnerability has been fixed in glibc version 2.37-r7 and later. Various Linux distributions have released security updates to address this issue: Red Hat Enterprise Linux via RHSA-2023:5453 and RHSA-2023:5455, Fedora via updates to versions 37, 38, and 39, and Gentoo Linux in glibc versions >= 2.37-r7 (Red Hat Advisory, Gentoo Advisory).

The vulnerability was initially discovered and reported through the glibc project. Siddhesh Poyarekar, a key contributor, provided clarification on the specific conditions required for exploitation and confirmed that common NSS modules like the samba wins module are not vulnerable due to their implementation patterns (OSS Security).