Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-m77w-6vjw-wh2f

Опубликовано: 03 окт. 2023
Источник: github
Github: Не прошло ревью
CVSS3: 7.8

Описание

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Ссылки

EPSS

Процентиль: 99%
0.75468
Высокий

7.8 High

CVSS3

CVE ID

CVE-2023-4911

Дефекты

CWE-122
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2023-4911

CVSS3: 7.8
ubuntu
больше 1 года назад

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

redhat логотип

CVE-2023-4911

CVSS3: 7.8
redhat
больше 1 года назад

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

nvd логотип

CVE-2023-4911

CVSS3: 7.8
nvd
больше 1 года назад

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

msrc логотип

CVE-2023-4911

CVSS3: 7.8
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2023-4911

CVSS3: 7.8
debian
больше 1 года назад

A buffer overflow was discovered in the GNU C Library's dynamic loader ...

EPSS

Процентиль: 99%
0.75468
Высокий

7.8 High

CVSS3

CVE ID

CVE-2023-4911

Дефекты

CWE-122
CWE-787