CVE-2023-24056

2023-01-2204:15:11

Debian Security Bug Tracker

security-tracker.debian.org

pkgconf

variable duplication

string expansion

security vulnerability

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

18.4%

JSON

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.

OSVersionArchitecturePackageVersionFilename
Debian12allpkgconf< 1.8.1-1pkgconf_1.8.1-1_all.deb
Debian11allpkgconf<= 1.7.4~git20210206+dcf529b-3pkgconf_1.7.4~git20210206+dcf529b-3_all.deb
Debian10allpkgconf<= 1.6.0-1pkgconf_1.6.0-1_all.deb
Debian999allpkgconf< 1.8.1-1pkgconf_1.8.1-1_all.deb
Debian13allpkgconf< 1.8.1-1pkgconf_1.8.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	pkgconf	< 1.8.1-1	pkgconf_1.8.1-1_all.deb
Debian	11	all	pkgconf	<= 1.7.4~git20210206+dcf529b-3	pkgconf_1.7.4~git20210206+dcf529b-3_all.deb
Debian	10	all	pkgconf	<= 1.6.0-1	pkgconf_1.6.0-1_all.deb
Debian	999	all	pkgconf	< 1.8.1-1	pkgconf_1.8.1-1_all.deb
Debian	13	all	pkgconf	< 1.8.1-1	pkgconf_1.8.1-1_all.deb