CVE-2026-6238— Buffer overread in ns_printrrf with corrupted RDATA field
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-6238
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Buffer overread in ns_printrrf with corrupted RDATA field
Source: NVD (National Vulnerability Database)
Vulnerability Description
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
缓冲区上溢读取
Source: NVD (National Vulnerability Database)
Vulnerability Title
GNU C Library 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GNU C Library是GNU社区的一种按照LGPL许可协议发布的开源免费的C语言编译程序。 GNU C Library 2.2及更新版本存在安全漏洞,该漏洞源于在处理DNS响应中的LOC、CERT、TKEY或TSIG记录时,函数ns_printrrf、ns_printrr和fp_nquery未能验证RDATA内容与RDATA长度,可能导致攻击者制作DNS响应,导致目标应用程序崩溃或读取未初始化内存。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| The GNU C Library | glibc | 2.2 ~ 0 | - |
II. Public POCs for CVE-2026-6238
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-6238
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: glibc
- CVE-2026-5435
Potential buffer overflow in ns_sprintrrf TSIG handling path - CVE-2026-5450
scanf %mc off-by-one heap buffer overflow - CVE-2026-5928
Potential buffer under-read in ungetwc - CVE-2026-4046
iconv crash due to assertion failure with untrusted input - CVE-2026-4438
gethostbyaddr and gethostbyaddr_r return invalid DNS hostnam
Same vendor: The GNU C Library
- CVE-2026-5435
Potential buffer overflow in ns_sprintrrf TSIG handling path - CVE-2026-5450
scanf %mc off-by-one heap buffer overflow - CVE-2026-5928
Potential buffer under-read in ungetwc - CVE-2026-4046
iconv crash due to assertion failure with untrusted input - CVE-2026-4438
gethostbyaddr and gethostbyaddr_r return invalid DNS hostnam
V. Comments for CVE-2026-6238
No comments yet