Lucene search

Ubuntu.comUB:CVE-2023-25139

HistoryFeb 03, 2023 - 12:00 a.m.

CVE-2023-25139

2023-02-0300:00:00

ubuntu.com

buffer overflow

gnu c library

out-of-bounds write

vulnerable code introduced

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

46.7%

JSON

sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow
(out-of-bounds write) in some situations with a correct buffer size. This
is unrelated to CWE-676. It may write beyond the bounds of the destination
buffer when attempting to write a padded, thousands-separated string
representation of a number, if the buffer is allocated the exact size
required to represent that number as a string. For example, 1,234,567 (with
padding to 13) overflows by two bytes.

Bugs

<https://sourceware.org/bugzilla/show_bug.cgi?id=30068>

Notes

Author	Note
ccdm94	Debian: “Vulnerable code introduced in 2.37”.

OSVersionArchitecturePackageVersionFilename
ubuntu23.04noarchglibc< 2.37-0ubuntu2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	23.04	noarch	glibc	< 2.37-0ubuntu2	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2023-25139

nvd.nist.gov/vuln/detail/CVE-2023-25139

security-tracker.debian.org/tracker/CVE-2023-25139

www.cve.org/CVERecord?id=CVE-2023-25139

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

46.7%

JSON

Related for UB:CVE-2023-25139