Lucene search

GoogleOSV:CVE-2023-39976

HistoryAug 08, 2023 - 6:15 a.m.

CVE-2023-39976

2023-08-0806:15:46

Google

osv.dev

libqb

buffer overflow

vulnerability

log messages

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.1%

JSON

log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.

CPENameOperatorVersion
libqbeq0.17.2
libqbeq0.17.0
libqbeq0.8.1
libqbeq0.12.0
libqbeq0.1.0
libqbeq2.0.3
libqbeq0.11.0
libqbeq1.9.1
libqbeq0.13.0
libqbeq1.0rc3

Name	Operator	Version
libqb	eq	0.17.2
libqb	eq	0.17.0
libqb	eq	0.8.1
libqb	eq	0.12.0
libqb	eq	0.1.0
libqb	eq	2.0.3
libqb	eq	0.11.0
libqb	eq	1.9.1
libqb	eq	0.13.0
libqb	eq	1.0rc3

Rows per page:

1-10 of 491

References

github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8

github.com/ClusterLabs/libqb/compare/v2.0.7...v2.0.8

github.com/ClusterLabs/libqb/pull/490

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KECNF7LFBPE57XSBT6EM7ACVMIBP63WH/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.1%

JSON

Related for OSV:CVE-2023-39976