CVE-2026-0915 | THREATINT

Description

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

PUBLISHED Reserved 2026-01-13 | Published 2026-01-15 | Updated 2026-01-20 | Assigner glibc

Problem types

CWE-908 Use of Uninitialized Resource

Product status

Default status

unaffected

2.0 (custom)

affected

Credits

Igor Morgenstern, Aisle Research finder

References

www.openwall.com/lists/oss-security/2026/01/16/6

sourceware.org/bugzilla/show_bug.cgi?id=33802 exploit

sourceware.org/bugzilla/show_bug.cgi?id=33802

cve.org (CVE-2026-0915)

nvd.nist.gov (CVE-2026-0915)

Download JSON