CVE-2023-0687

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GNU C Library version 2.38

Description A critical issue has been identified in the GNU C Library, affecting the monstartup function of the gmon.c file in the Call Graph Monitor component. This issue leads to a buffer overflow. The inputs that trigger this issue are typically addresses of a running application built with gmon enabled, which can be considered trusted input or input that requires an actual security flaw to be compromised or controlled. The existence of this issue is still under scrutiny.

Recommendations To fix this issue, it is recommended to apply a patch. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

BDU:2023-00731

CVE-2023-0687

OESA-2023-1131

OPENSUSE-SU-2023_3825-1

OPENSUSE-SU-2024:12816-1

SUSE-SU-2023:1718-1

SUSE-SU-2023:1718-2

SUSE-SU-2023:3695-1

SUSE-SU-2023:3825-1

SUSE-SU-2023_1718-1

Affected Products

Gnu C Library

Red Os

Suse

CVE-2023-0687

Weakness Enumeration

Related Identifiers

Affected Products

References · 155