CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile: 32.1%
libeconf.so is vulnerable to a buffer overflow. The size of comment_before_key is not checked before it is copied into a buffer, which allows an attacker to cause an application crash by providing a malformed configuration file.
bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32181
github.com/advisories/GHSA-wjxc-pgfj-hwrc
github.com/openSUSE/libeconf/commit/8d086dfc69d4299e55e4844e3573b3a4cf420f19
github.com/openSUSE/libeconf/issues/178