Vulnerabilities > CVE-2023-4911 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

NVD

Published: 2023-10-03

Updated: 2024-02-22

Summary

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Glibc 2.34 GNU Glibc 2.36 GNU Glibc 2.37 GNU Glibc 2.38	4
Application	Redhat Redhat Virtualization Host 4.0 Redhat Virtualization 4.0 Redhat Codeready Linux Builder FOR Power Little Endian EUS 8.6 Redhat Codeready Linux Builder EUS 8.6 Redhat Codeready Linux Builder FOR IBM Z Systems EUS 8.6 Redhat Codeready Linux Builder FOR Arm64 EUS 8.6	6
OS	Fedoraproject Fedoraproject Fedora 37 Fedoraproject Fedora 38 Fedoraproject Fedora 39	3
OS	Redhat Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0 Redhat Enterprise Linux Server AUS 8.6 Redhat Enterprise Linux Server TUS 8.6 Redhat Enterprise Linux EUS 8.6 Redhat Enterprise Linux FOR ARM 64 EUS 8.6_Aarch64 Redhat Enterprise Linux FOR IBM Z Systems EUS S390X 8.6 Redhat Enterprise Linux FOR Power BIG Endian EUS 8.6_Ppc64Le	8

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Vulnerabilities > CVE-2023-4911 - Out-of-bounds Write vulnerability in multiple products

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Related news

References