Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
Regarding NetVault Backup (NVBU):
NetVault Backup dynamically links with the version of glibc provided by the host operating system; NetVault Backup and its plugins do not ship glibc. Therefore, it is the responsibility of the customer and their operating system vendor to ensure that the operating system NetVault Backup is installed on is updated with the patched version of the library.
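A first-pass check for a host running NetVault Backup, given here as an added example and not as Quest or glibc project code: it compares the host's glibc version with the 2.23 boundary stated above and lists processes that still map a libc or libresolv file replaced on disk, which need a restart after the update. The function names and result labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not vendor code). Caveat: distributions often backport the
# fix without changing the upstream version, so an "old" version here means
# "confirm against the OS vendor's advisory", not "vulnerable".
FIXED=2.23   # first unaffected upstream release, per the advisory text

# Succeeds when dotted version $1 is strictly lower than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Take the version from `getconf GNU_LIBC_VERSION` output, e.g. "glibc 2.17".
parse_glibc_version() {
    printf '%s\n' "$1" | awk '{print $NF}'
}

# Map an upstream version to a result label (labels are this example's own).
classify() {
    if version_lt "$1" "$FIXED"; then
        echo "CHECK-VENDOR-PATCH"
    else
        echo "NOT-AFFECTED-UPSTREAM"
    fi
}

# Print PIDs whose memory maps still reference a deleted libc/libresolv file,
# i.e. processes started before the library was updated. $1 defaults to /proc.
stale_pids() {
    grep -lE '/lib(c|resolv)[-.][^ ]* \(deleted\)' \
        "${1:-/proc}"/[0-9]*/maps 2>/dev/null | awk -F/ '{print $(NF-1)}'
}

ver=$(parse_glibc_version "$(getconf GNU_LIBC_VERSION 2>/dev/null)")
echo "glibc ${ver:-unknown}: $(classify "${ver:-0}")"
echo "PIDs still using the old library: $(stale_pids | tr '\n' ' ')"
```

Run it as root so that the maps of every process are readable; unreadable entries are skipped silently.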
Regarding NetVault Bare Metal Recovery (NVBMR):
The NetVault Bare Metal Recovery product, however, IS affected, as this product ships with the Giga OS operating system, which includes glibc. As a result, the following releases will be rebuilt with the patched library and reposted on the Quest support sites in order to address this vulnerability (available to customers by April 15).