id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
5347	CVE-2023-4806: potential use-after-free in Glibc getcanonname	Xi Ruoyao	lfs-book	"In an extremely rare situation, the getaddrinfo function in glibc may access memory that has already been freed, resulting in an application crash.

This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r hook without implementing the _nss_*_gethostbyname3_r hook. There are no known modules that are implemented in this way.

In addition to that condition, the resolved name should return a large number of IPv6 as well as IPv4 and the call to the getaddrinfo function should have AF_INET6 with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags."	enhancement	closed	high	12.1	Errata	git	normal	fixed