DEBIAN-CVE-2026-4438

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-4438

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4438.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-4438

Upstream

CVE-2026-4438

Published

2026-03-20T20:16:49.623Z

Modified

2026-05-27T03:00:07.967052778Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

References

https://security-tracker.debian.org/tracker/CVE-2026-4438

Affected packages

Debian:12 / glibc

Package

Name: glibc
Purl: pkg:deb/debian/glibc?arch=source&distro=bookworm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.36-9+deb12u14

Affected versions

2.*

2.36-9

2.36-9+deb12u1

2.36-9+deb12u2

2.36-9+deb12u3

2.36-9+deb12u4

2.36-9+deb12u5

2.36-9+deb12u6

2.36-9+deb12u7

2.36-9+deb12u8

2.36-9+deb12u9

2.36-9+deb12u10

2.36-9+deb12u11

2.36-9+deb12u12

2.36-9+deb12u13

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4438.json"

Debian:13 / glibc

Package

Name: glibc
Purl: pkg:deb/debian/glibc?arch=source&distro=trixie

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.41-12+deb13u3

Affected versions

2.*

2.41-12

2.41-12+deb13u1

2.41-12+deb13u2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4438.json"

Debian:14 / glibc

Package

Name: glibc
Purl: pkg:deb/debian/glibc?arch=source&distro=forky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.42-14

Affected versions

2.*

2.41-12

2.41-13~hurd.0

2.41-13~hurd.1

2.42-1

2.42-2

2.42-3

2.42-4

2.42-5

2.42-6

2.42-7

2.42-8~hurd.1

2.42-8~hurd.2

2.42-8

2.42-9

2.42-10

2.42-11

2.42-12~hurd.1

2.42-12

2.42-13

2.42-14~hurd.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4438.json"