PT-2023-5614 · Gnu+7 · Glibc+7

Saeed Abbasi · Published 2023-10-03 · Updated 2026-05-12 · CVE-2023-4911

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

glibc versions 2.32-alt5.p10.2 through 2.38.0.27.750a45a783-alt1

Description

This update addresses a buffer overflow vulnerability in the GNU C Library's dynamic loader (ld.so) when processing the GLIBC_TUNABLES environment variable. A local attacker could exploit this vulnerability by crafting malicious GLIBC_TUNABLES environment variables when launching binaries with SUID permission, potentially leading to code execution with elevated privileges.

Recommendations

Update glibc to version 2.38.0.27.750a45a783-alt1 or later. Update glibc to version 2.32-alt5.p10.2 or later.

Exploit

Fix

LPE

Heap Based Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2023:5453
ALSA-2023:5455
ALSA-2023_5453
ALSA-2023_5455
ALT-PU-2023-6087
ALT-PU-2023-6088
ALT-PU-2023-6180
AZL-31117
AZL-34733
BDU:2023-06269
CESA-2023_5455
CVE-2023-4911
DSA-5514-1
ELSA-2023-12850
ELSA-2023-12851
ELSA-2023-5453
ELSA-2023-5455
MGASA-2023-0286
OESA-2023-1723
OESA-2023-1724
OESA-2023-1725
OPENSUSE-SU-2024:13294-1
RHSA-2023:5453
RHSA-2023:5454
RHSA-2023:5455
RHSA-2023:5476
RHSA-2023_5453
RHSA-2023_5455
RHSA-2024:0033
RLSA-2023:5455
RLSA-2023_5455
ROSA-SA-2024-2331
USN-6409-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
Red Hat
Rocky Linux
Ubuntu
Glibc