CVE-2026-0915

NameCVE-2026-0915
DescriptionCalling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
glibc (PTS)bullseye2.31-13+deb11u11vulnerable
bullseye (security)2.31-13+deb11u13vulnerable
bookworm2.36-9+deb12u13vulnerable
bookworm (security)2.36-9+deb12u7vulnerable
trixie2.41-12+deb13u1vulnerable
forky, sid2.42-7vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
glibcsource(unstable)(unfixed)

Notes

https://sourceware.org/bugzilla/show_bug.cgi?id=33802
Search for package or bug name: Reporting problems