[Debian] High CVE: CVE-2023-4911 glibc
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX | Fix Released | High | Li Zhou | | |
Bug Description
CVE-2023-4911: https:/
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Base Score: High
Reference:
['libc6_
https:/
https:/
CVE References
Changed in starlingx: | |
assignee: | nobody → Li Zhou (lzhou2) |
description: | updated |
description: | updated |
Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/898081