Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-4911

Опубликовано: 03 окт. 2023
Источник: debian
EPSS Высокий

Описание

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
glibcfixed2.37-12package
glibcnot-affectedbusterpackage

Примечания

  • https://www.openwall.com/lists/oss-security/2023/10/03/2

  • Introduced by: https://sourceware.org/git/?p=glibc.git;a=commit;h=2ed18c5b534d9e92fc006202a5af0df6b72e7aca (glibc-2.34; backported in debian/2.31-12)

  • Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa

  • https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

  • https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0004

EPSS

Процентиль: 99%
0.75468
Высокий

Связанные уязвимости

ubuntu логотип

CVE-2023-4911

CVSS3: 7.8
ubuntu
больше 1 года назад

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

redhat логотип

CVE-2023-4911

CVSS3: 7.8
redhat
больше 1 года назад

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

nvd логотип

CVE-2023-4911

CVSS3: 7.8
nvd
больше 1 года назад

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

msrc логотип

CVE-2023-4911

CVSS3: 7.8
msrc
больше 1 года назад

Описание отсутствует

github логотип

GHSA-m77w-6vjw-wh2f

CVSS3: 7.8
github
больше 1 года назад

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

EPSS

Процентиль: 99%
0.75468
Высокий