CVE-2026-6238

Description

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.

CVSS v3.1 Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

EPSS — Exploit Prediction

0.0002

Probability of exploitation

0.03%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-126 CWE-126

Affected Products

Vendor	Product	Versions
gnu	glibc	>= 2.2

References

Other References

https://inbox.sourceware.org/libc-announce/[email protected]/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=34069

Frequently Asked Questions

What is CVE-2026-6238? +

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions. It has a CVSS v3.1 base score of 6.5 (MEDIUM).

How severe is CVE-2026-6238? +

CVE-2026-6238 has a CVSS v3.1 score of 6.5 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance. The EPSS score is 0.0002, placing it in the 0th percentile for exploitation probability.

What products are affected by CVE-2026-6238? +

CVE-2026-6238 affects products from gnu, specifically: glibc. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2026-6238? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-12975

A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet …

CVE-2026-41898 9.8

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, …

CVE-2017-17772 9.8

In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.

CVE-2024-38373 9.6

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the …

CVE-2023-51773 9.1

BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c.

CVE-2025-55081 9.1

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain …