CVE-2026-0915

CVE-2026-0915: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler

Vendor The Gnu C Library
Product glibc
Weakness CWE-908
Published January 15, 2026
Last update January 20, 2026

CVSS base score

What the vulnerability does

01Description

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Key dates

02Disclosure timeline

January 15, 2026 CVE published
January 20, 2026 Record updated