PT-2023-5283 · Libeconf+3

Published: 2023-03-16 · Updated: 2024-07-12 · CVE-2023-30079

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libeconf version 0.5.1

Description

The issue is a stack overflow vulnerability in the read_file() function of the libeconf library, which can be exploited by a remote attacker to cause a denial of service or execute arbitrary code. The vulnerability is associated with a buffer overflow in memory.

Recommendations

For libeconf version 0.5.1, consider disabling the read_file() function as a temporary workaround until a patch is available. Restrict access to the getfilecontents.c module to minimize the risk of exploitation. Avoid using the read_file() function in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-05907
CVE-2023-30079
OPENSUSE-SU-2023_3954-1
OPENSUSE-SU-2024:13221-1
RHSA-2023:4347
RHSA-2023:5458
RHSA-2023_4347
RLSA-2023:4347
SUSE-SU-2023:3639-1
SUSE-SU-2023:3954-1
SUSE-SU-2023:3954-2
SUSE-SU-2024:2426-1

Affected Products

Red Hat
Rocky Linux
SUSE
Libeconf