CVE-2026-6238

medium Red Hat
CVSS v3 Base Score
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 97% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
Low
Integrity
None
Availability
High
Published: April 28, 2026 (72 days ago)
Last Modified: April 28, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Source: REDHAT

Description

A flaw was found in glibc (GNU C Library). The deprecated functions ns_printrrf, ns_printrr, and fp_nquery do not properly validate the length of RDATA (Resource Record Data) in a DNS (Domain Name System) response when processing specific record types like LOC, CERT, TKEY, or TSIG. A remote attacker could craft a malicious DNS response, leading to a target application crashing or reading uninitialized memory. These functions are intended for application debugging and are not part of the standard DNS resolver path.

CWE

CWE-1284

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4Red Hat Hardened Images

Fix Status

✅ Fix Available

References