Ubuntu USN-6409-1
Oct 03, 2023 - 12:00 a.m.

GNU C Library vulnerabilities

ubuntu.com

ubuntu, glibc, privilege escalation, cve-2023-4911, dns, denial of service, cve-2023-4527

CVSS3: 7.8

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.2 (Confidence: High)

EPSS: 0.016 (Percentile: 87.4%)

Releases

  • Ubuntu 23.04
  • Ubuntu 22.04 LTS

Packages

  • glibc - GNU C Library

Details

It was discovered that the GNU C Library incorrectly handled the
GLIBC_TUNABLES environment variable. An attacker could possibly use this
issue to perform a privilege escalation attack. (CVE-2023-4911)

It was discovered that the GNU C Library incorrectly handled certain DNS
responses when the system was configured in no-aaaa mode. A remote attacker
could possibly use this issue to cause the GNU C Library to crash,
resulting in a denial of service. This issue only affected Ubuntu 23.04.
(CVE-2023-4527)
