Lucene search

K
nvd[email protected]NVD:CVE-2023-4911
HistoryOct 03, 2023 - 6:15 p.m.

CVE-2023-4911

2023-10-0318:15:10
CWE-122
CWE-787
web.nvd.nist.gov
3
buffer overflow
gnu c library
ld.so
glibc_tunables
local attacker
suid permission
elevated privileges

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0.016

Percentile

87.4%

A buffer overflow was discovered in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Affected configurations

NVD
Node
gnuglibcRange2.342.39
Node
fedoraprojectfedoraMatch37
OR
fedoraprojectfedoraMatch38
OR
fedoraprojectfedoraMatch39
Node
redhatcodeready_linux_builder_eusMatch8.6
OR
redhatcodeready_linux_builder_for_arm64_eusMatch8.6
OR
redhatcodeready_linux_builder_for_ibm_z_systems_eusMatch8.6
OR
redhatcodeready_linux_builder_for_power_little_endian_eusMatch8.6
OR
redhatvirtualizationMatch4.0
OR
redhatvirtualization_hostMatch4.0
OR
redhatenterprise_linuxMatch8.0
OR
redhatenterprise_linuxMatch9.0
OR
redhatenterprise_linux_eusMatch8.6
OR
redhatenterprise_linux_for_arm_64_eusMatch8.6_aarch64
OR
redhatenterprise_linux_for_ibm_z_systems_eus_s390xMatch8.6
OR
redhatenterprise_linux_for_power_big_endian_eusMatch8.6_ppc64le
OR
redhatenterprise_linux_server_ausMatch8.6
OR
redhatenterprise_linux_server_tusMatch8.6

References

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0.016

Percentile

87.4%