VYPR
Unrated severityOSV Advisory· Published Jan 15, 2026· Updated Jan 20, 2026

getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler

CVE-2026-0915

Description

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Affected products

257

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.