PT-2023-5614 · Gnu+7 · Glibc+7
Saeed Abbasi
·
Published
2023-10-03
·
Updated
2026-05-12
·
CVE-2023-4911
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
glibc versions 2.32-alt5.p10.2 through 2.38.0.27.750a45a783-alt1
Description
This update addresses a buffer overflow vulnerability in the GNU C Library’s dynamic loader (ld.so) when processing the GLIBC_TUNABLES environment variable. A local attacker could exploit this vulnerability by setting a crafted GLIBC_TUNABLES environment variable when launching binaries with SUID permission, potentially leading to code execution with elevated privileges.
Recommendations
Update glibc to version 2.38.0.27.750a45a783-alt1 or later.
Update glibc to version 2.32-alt5.p10.2 or later.
Exploit
Fix
LPE
Heap Based Buffer Overflow
Memory Corruption
Related identifiers
Affected products
Alt Linux
Almalinux
Centos
Linuxmint
Red Hat
Rocky Linux
Ubuntu
Glibc