Gnu · Glibc · CVE-2023-4911
**Name of the Vulnerable Software and Affected Versions**
glibc versions 2.32-alt5.p10.2 through 2.38.0.27.750a45a783-alt1
**Description**
This update addresses a buffer overflow vulnerability in the GNU C Library’s dynamic loader (ld.so) when processing the GLIBC_TUNABLES environment variable. A local attacker could exploit this vulnerability by setting a maliciously crafted GLIBC_TUNABLES environment variable when launching binaries with the SUID permission, potentially leading to code execution with elevated privileges.
**Recommendations**
Update glibc to version 2.38.0.27.750a45a783-alt1 or later.
Update glibc to version 2.32-alt5.p10.2 or later.
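Until the update is installed everywhere, hosts can be checked for processes that carry GLIBC_TUNABLES in their environment while running with an effective UID different from the real UID. The script below is an added example, not part of the advisory or of glibc; the function names, verdict strings and sample data are constructed for illustration, and it assumes a Linux `/proc` layout.

```python
import os

VAR = b"GLIBC_TUNABLES="

def tunables_from_environ(blob: bytes):
    """Return the GLIBC_TUNABLES value from a NUL-separated environ blob, or None."""
    for entry in blob.split(b"\0"):
        if entry.startswith(VAR):
            return entry[len(VAR):].decode("utf-8", "replace")
    return None

def uids_from_status(status: str):
    """Return (real, effective) UID from the text of /proc/<pid>/status."""
    for line in status.splitlines():
        if line.startswith("Uid:"):
            real, effective = line.split()[1:3]  # order: real, effective, saved, fs
            return int(real), int(effective)
    raise ValueError("no Uid: line in status text")

def assess(blob: bytes, status: str):
    """Classify one process: None, 'set', or 'set-in-setuid-context'."""
    if tunables_from_environ(blob) is None:
        return None
    real, effective = uids_from_status(status)
    return "set-in-setuid-context" if real != effective else "set"

def scan_proc(root="/proc"):
    """Yield (pid, verdict) for live processes that carry GLIBC_TUNABLES."""
    for pid in filter(str.isdigit, os.listdir(root)):
        try:
            with open(f"{root}/{pid}/environ", "rb") as f:
                blob = f.read()
            with open(f"{root}/{pid}/status") as f:
                status = f.read()
        except OSError:
            continue  # process exited, or its environ is not readable by us
        verdict = assess(blob, status)
        if verdict:
            yield int(pid), verdict

# Constructed sample data (not captured from a real system).
SAMPLE_ENV = b"PATH=/usr/bin\0GLIBC_TUNABLES=glibc.malloc.check=1\0HOME=/home/u\0"
SAMPLE_STATUS_SUID = "Name:\tsu\nUid:\t1000\t0\t0\t0\nGid:\t1000\t1000\t1000\t1000\n"
SAMPLE_STATUS_PLAIN = "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\n"

if __name__ == "__main__":
    for pid, verdict in scan_proc():
        print(pid, verdict)
```

Run it as root so that other users' `environ` files are readable. A process that has already changed its real UID to match its effective UID is reported only as `set`, so those entries still deserve a look on unpatched hosts.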