CVE-2023-25139

Name of the Vulnerable Software and Affected Versions glibc version 2.37

Description The issue is caused by a buffer overflow in the sprintf function of the GNU C Library (glibc). This overflow occurs when the function attempts to write a padded, thousands-separated string representation of a number into a buffer that is allocated the exact size required to represent that number as a string. For example, the number 1,234,567 with padding to 13 characters can cause an overflow of two bytes. This may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For glibc version 2.37, consider disabling the sprintf function until a patch is available to prevent potential buffer overflows. Restrict the use of the sprintf function with padded, thousands-separated string representations of numbers to minimize the risk of exploitation. Avoid using the sprintf function with buffers allocated to the exact size required to represent a number as a string until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.