CVSS3 | 9.8 High |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2 | 4 Medium |
---|---|
Access Vector | ADJACENT_NETWORK |
Access Complexity | HIGH |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:A/AC:H/Au:S/C:P/I:P/A:P

EPSS | 0.001 Low |
---|---|
Percentile | 45.8% |

DISPUTED A vulnerability was found in GNU C Library 2.38. It has been
declared as critical. This vulnerability affects the function __monstartup
of the file gmon.c of the component Call Graph Monitor. The manipulation
leads to buffer overflow. It is recommended to apply a patch to fix this
issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE:
The real existence of this vulnerability is still doubted at the moment.
The inputs that induce this vulnerability are basically addresses of the
running application that is built with gmon enabled. It’s basically trusted
input or input that needs an actual security flaw to be compromised or
controlled.
Author | Note |
---|---|
iconstantin | Upstream does not consider this to be a security issue and is disputing the CVE. |
mdeslaur | marking as not-affected due to the issue being disputed |
launchpad.net/bugs/cve/CVE-2023-0687
nvd.nist.gov/vuln/detail/CVE-2023-0687
patchwork.sourceware.org/project/glibc/patch/[email protected]/
security-tracker.debian.org/tracker/CVE-2023-0687
sourceware.org/bugzilla/show_bug.cgi?id=29444
vuldb.com/?ctiid.220246
vuldb.com/?id.220246
www.cve.org/CVERecord?id=CVE-2023-0687