AZL-74817

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74817.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-74817

Upstream

CVE-2026-0915

Published

2026-01-15T22:16:12Z

Modified

2026-04-21T04:38:47.752985Z

Summary

CVE-2026-0915 affecting package glibc for versions less than 2.35-9

Details

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-0915

Affected packages

Azure Linux:2 / glibc

Package

Name: glibc
Purl: pkg:rpm/azure-linux/glibc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.35-9

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74817.json"