Vulnerabilities > CVE-2023-5156 - Memory Leak vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

gnu

redhat

CWE-401

NVD

Published: 2023-09-25

Updated: 2024-11-21

Summary

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Glibc 2.34 GNU Glibc 2.36 GNU Glibc 2.37 GNU Glibc 2.38	4
OS	Redhat Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0	2

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

References

http://www.openwall.com/lists/oss-security/2023/10/03/4
http://www.openwall.com/lists/oss-security/2023/10/03/5
http://www.openwall.com/lists/oss-security/2023/10/03/6
http://www.openwall.com/lists/oss-security/2023/10/03/8
https://access.redhat.com/security/cve/CVE-2023-5156
https://access.redhat.com/security/cve/CVE-2023-5156
https://bugzilla.redhat.com/show_bug.cgi?id=2240541
https://bugzilla.redhat.com/show_bug.cgi?id=2240541
https://security.gentoo.org/glsa/202402-01
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebeda2d7264cc184a796
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebeda2d7264cc184a796