exploitDog

CVE-2023-24056

Published: 22 Jan 2023
Source: debian
EPSS: Low

Description

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.

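Packages

| Package | Status | Fix version | Release | Type |
|---------|--------|-------------|---------|------|
| pkgconf | fixed | 1.8.1-1 | | package |
| pkgconf | no-dsa | | bullseye | package |
| pkgconf | no-dsa | | buster | package |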

Notes

  • https://gitea.treehouse.systems/ariadne/pkgconf/commit/81cc9b3e6dafcdd02579bcccec6ac47d91e5d023 (pkgconf-1.9.4, pkgconf-1.8.1)

  • https://nullprogram.com/blog/2023/01/18/

EPSS

Percentile: 4%
0.00021
Low

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 2 years ago

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.

CVSS3: 5.5
redhat
more than 2 years ago

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.

CVSS3: 5.5
nvd
more than 2 years ago

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.

CVSS3: 5.5
msrc
more than 2 years ago

No description available

suse-cvrf
more than 2 years ago

Security update for pkgconf
