CVE & CISA-KEV Catalog

CVE-2026-6238

Severity: MEDIUM, 6.5 (CVSS v3, NVD)

Description

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.

How to fix

Remediation Available
glibc (Red Hat / RHEL)
- Fixed in: main@aarch64 (RHSA-2026:12740)
- Fixed in: main@x86_64 (RHSA-2026:12740)
- Fixed in: main@src (RHSA-2026:12740)
- Fixed in: main@noarch (RHSA-2026:12740)

glibc (Rocky)
- Fixed in: main@aarch64 (RHSA-2026:12740)
- Fixed in: main@x86_64 (RHSA-2026:12740)
- Fixed in: main@src (RHSA-2026:12740)
- Fixed in: main@noarch (RHSA-2026:12740)

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Impact

Confidentiality: Low
Integrity: None
Availability: Low

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Exploit Intelligence

0.31% probability of exploitation in 30 days
23rd percentile

Low risk: more likely to be exploited than 23% of all known CVEs.

References

Third-Party Advisory: 1
Issue Tracking: 1

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-19.