CVE-2026-4438 | THREATINT

Description

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

PUBLISHED Reserved 2026-03-19 | Published 2026-03-20 | Updated 2026-03-23 | Assigner glibc

Problem types

CWE-20 Improper input validation

Product status

Default status

unaffected

2.34 (custom)

affected

Credits

Antonio Maini (0rbitingZer0) - 0rbitingZer0@proton.me finder

References

sourceware.org/bugzilla/show_bug.cgi?id=34015

cve.org (CVE-2026-4438)

nvd.nist.gov (CVE-2026-4438)

Download JSON