CVE-2023-2603

Опубликовано: 06 июн. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=2209113
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/
Broken Link
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/
Broken Link
Third Party Advisory
https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf
Exploit
Technical Description
https://bugzilla.redhat.com/show_bug.cgi?id=2209113
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/
Broken Link
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/
Broken Link
Third Party Advisory
https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf
Exploit
Technical Description

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libcap_project:libcap:*:*:*:*:*:*:*:*

Версия до 2.69 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01146

Низкий

7.8 High

CVSS3

Дефекты

CWE-190

Связанные уязвимости

CVE-2023-2603

CVSS3: 7.8

ubuntu

больше 2 лет назад

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.

CVE-2023-2603

CVSS3: 7.8

redhat

больше 2 лет назад

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.

CVE-2023-2603

CVSS3: 7.8

msrc

больше 2 лет назад

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.

CVE-2023-2603

CVSS3: 7.8

debian

больше 2 лет назад

A vulnerability was found in libcap. This issue occurs in the _libcap_ ...

SUSE-SU-2023:2956-1

suse-cvrf

больше 2 лет назад

Security update for libcap

EPSS

Процентиль: 78%

0.01146

Низкий

7.8 High

CVSS3

Дефекты

CWE-190