CVE-2023-39976

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions libqb versions prior to 2.0.8

Description The issue is related to a buffer overflow in the log blackbox.c component of the libqb library. This occurs due to the lack of input size validation when copying data, allowing an attacker to potentially execute arbitrary code remotely. The buffer overflow is triggered by long log messages because the header size is not considered.

Recommendations For versions prior to 2.0.8, update to version 2.0.8 or later to resolve the issue. As a temporary workaround, consider restricting the length of log messages to prevent exploitation until a patch is applied.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALSA-2023:6578

ALT-PU-2023-5212

ALT-PU-2024-2247

ALT-PU-2024-5982

AZL-27859

AZL-36957

BDU:2024-01535

CVE-2023-39976

MGASA-2023-0339

OPENSUSE-SU-2023_3728-1

OPENSUSE-SU-2023_3897-1

OPENSUSE-SU-2023_3944-1

OPENSUSE-SU-2024:13450-1

RHSA-2023:5597

RHSA-2023:6578

RHSA-2023:7376

RHSA-2023_6578

SUSE-SU-2023:3727-1

SUSE-SU-2023:3728-1

SUSE-SU-2023:3897-1

SUSE-SU-2023:3944-1

SUSE-SU-2023_3727-1

SUSE-SU-2023_3728-1

SUSE-SU-2023_3897-1

SUSE-SU-2023_3944-1

USN-6308-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Debian

Linuxmint

Red Hat

Suse

Ubuntu

Libqb

CVE-2023-39976

Weakness Enumeration

Related Identifiers

Affected Products

References · 45