Unrated severityOSV Advisory· Published Jan 15, 2026· Updated Jan 20, 2026

getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler

CVE-2026-0915

Description

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Affected products

Bminor/GlibcOSV
Range: changelog-ends-here, cvs/ChangeLog, cvs/before-thomas-posix1996, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000