CVE-2026-4438 Gnu — Exploit & Vulnerability Details MEDIUM

CVE-2026-4438

MEDIUM CVSS 3.1: 5.4 EPSS 0.03%

Parameter	Value
CVSS	5.4 (MEDIUM)
Affected Versions	2.34 — 2.43
Type	CWE-88, CWE-20 (Improper Input Validation)
Vendor	Gnu
Public PoC	No

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

Attack Parameters

Attack Vector

Adjacent

Requires local network access

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

Low

Partial data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-88

CWE-20 Improper Input Validation

Vulnerable Products 1

Configuration	From (including)	Up to (excluding)
Gnu Glibc cpe:2.3:a:gnu:glibc::::::::	`2.34`	`<= 2.43`

References 1

https://sourceware.org/bugzilla/show_bug.cgi?id=34015

3ff69d7a-14f2-4f67-a097-88dee7810d18

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-4046

Gnu

7.5

CVE-2026-4647

Red Hat

6.1

CVE-2026-4437

Gnu

7.5

CVE-2026-3442

Gnu

7.1

CVE-2026-3441

Gnu

7.1

Menu

CVE-2026-4438

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 1

Related Vulnerabilities

CVE-2026-4046

CVE-2026-4647

CVE-2026-4437

CVE-2026-3442

CVE-2026-3441

CVE Details

Editor's Choice

Menu

CVE-2026-4438

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 1

Related Vulnerabilities

CVE-2026-4046

CVE-2026-4647

CVE-2026-4437

CVE-2026-3442

CVE-2026-3441

CVE Details

Editor's Choice

Stay informed on cybersecurity