From: Siddhesh Poyarekar Date: Mon, 27 Apr 2026 22:29:26 +0000 (-0400) Subject: Document CVE-2026-6238 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=db5b939311710bd6cb9506cd7f61de054d3bdcee;p=thirdparty%2Fglibc.git Document CVE-2026-6238 Signed-off-by: Siddhesh Poyarekar --- diff --git a/advisories/GLIBC-SA-2026-0012 b/advisories/GLIBC-SA-2026-0012 new file mode 100644 index 0000000000..29498d905e --- /dev/null +++ b/advisories/GLIBC-SA-2026-0012 @@ -0,0 +1,18 @@ +Buffer overread in ns_printrrf with corrupted RDATA field + +The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the +GNU C Library version 2.2 and newer fail to validate the RDATA content +against the RDATA length in a DNS response when processing LOC, CERT, +TKEY or TSIG records, which may allow an attacker to craft a DNS +response, causing a target application to crash or read uninitialized +memory. + +These functions are for debugging only and hence not in the default path +of code executed by the DNS resolver. Further, they have been +deprecated since version 2.34 and should not be used by any new +applications. Applications should consider porting away from these +interfaces since they may be removed in future versions. + +CVE-Id: CVE-2026-6238 +Public-Date: 2026-04-11 +Vulnerable-Commit: b43b13ac2544b11f35be301d1589b51a8473e32b (2.1.1-735)
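Review bot: The metadata trailer at the end of the new advisories/GLIBC-SA-2026-0012 file lists CVE-Id, Public-Date and Vulnerable-Commit but no Fix-Commit entry, and the description gives the affected range as "version 2.2 and newer" with no upper bound, so a reader cannot tell from this file which commit or release carries the fix, or whether one exists yet. Consider adding the Fix-Commit line(s) with the release each lands in, or stating in the text that the fix is still pending. A smaller wording point in the first paragraph: the title calls this a "Buffer overread" while the body says "read uninitialized memory"; if the read runs past the end of the RDATA the length field describes, a phrase such as "read out of bounds" would match the title and describe the impact more precisely.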