Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-04-28T16:43:08 glibc: glibc: Application crash or uninitialized memory read via crafted DNS response 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CWE-1284

A flaw was found in glibc (GNU C Library). The deprecated functions ns_printrrf, ns_printrr, and fp_nquery do not properly validate the length of RDATA (Resource Record Data) in a DNS (Domain Name System) response when processing specific record types like LOC, CERT, TKEY, or TSIG. A remote attacker could craft a malicious DNS response, leading to a target application crashing or reading uninitialized memory. These functions are intended for application debugging and are not part of the standard DNS resolver path.

Red Hat Hardened Images 2026-05-01T00:00:00Z RHSA-2026:12740 glibc-main-2.42-12.hum1 Red Hat Enterprise Linux 10 Not affected glibc Red Hat Enterprise Linux 6 Not affected compat-glibc Red Hat Enterprise Linux 6 Not affected glibc Red Hat Enterprise Linux 7 Not affected compat-glibc Red Hat Enterprise Linux 7 Not affected glibc Red Hat Enterprise Linux 8 Not affected glibc Red Hat Enterprise Linux 9 Not affected glibc Red Hat OpenShift Container Platform 4 Not affected rhcos https://www.cve.org/CVERecord?id=CVE-2026-6238 https://nvd.nist.gov/vuln/detail/CVE-2026-6238 https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=34069