Lucene search

K

[email protected]NVD:CVE-2023-2603

HistoryJun 06, 2023 - 8:15 p.m.

CVE-2023-2603

2023-06-0620:15:13

CWE-190

[email protected]

web.nvd.nist.gov

1

vulnerability

libcap

integer overflow

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.

Affected configurations

NVD

Node

libcap_projectlibcapRange<2.66-4

Node

redhatenterprise_linuxMatch8.0

OR

redhatenterprise_linuxMatch9.0

Node

fedoraprojectfedoraMatch37

OR

fedoraprojectfedoraMatch38

Node

debiandebian_linuxMatch11.0

References

bugzilla.redhat.com/show_bug.cgi?id=2209113

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/

www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for NVD:CVE-2023-2603