2023-10-23 03:13:22 |
Yue Tao |
description |
CVE-2023-4911: https://nvd.nist.gov/vuln/detail/CVE-2023-4911
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Base Score: High
Reference:
['libc6_2.31-13+deb11u6_amd64.deb===>libc6_2.31-13+deb11u7_amd64.deb', 'libc6-dev_2.31-13+deb11u6_amd64.deb===>libc6-dev_2.31-13+deb11u7_amd64.deb', 'libc-bin_2.31-13+deb11u6_amd64.deb===>libc-bin_2.31-13+deb11u7_amd64.deb', 'libc-dev-bin_2.31-13+deb11u6_amd64.deb===>libc-dev-bin_2.31-13+deb11u7_amd64.deb', 'libc-l10n_2.31-13+deb11u6_all.deb===>libc-l10n_2.31-13+deb11u7_all.deb', 'locales_2.31-13+deb11u6_all.deb===>locales_2.31-13+deb11u7_all.deb', 'locales-all_2.31-13+deb11u6_amd64.deb===>locales-all_2.31-13+deb11u7_amd64.deb']
https://www.debian.org/security/2023/dsa-5514
https://www.tenable.com/plugins/nessus/182473 |
CVE-2023-4911: https://nvd.nist.gov/vuln/detail/CVE-2023-4911
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
CVE-2023-4527: https://nvd.nist.gov/vuln/detail/CVE-2023-4527
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
Base Score: High
Reference:
['libc6_2.31-13+deb11u6_amd64.deb===>libc6_2.31-13+deb11u7_amd64.deb', 'libc6-dev_2.31-13+deb11u6_amd64.deb===>libc6-dev_2.31-13+deb11u7_amd64.deb', 'libc-bin_2.31-13+deb11u6_amd64.deb===>libc-bin_2.31-13+deb11u7_amd64.deb', 'libc-dev-bin_2.31-13+deb11u6_amd64.deb===>libc-dev-bin_2.31-13+deb11u7_amd64.deb', 'libc-l10n_2.31-13+deb11u6_all.deb===>libc-l10n_2.31-13+deb11u7_all.deb', 'locales_2.31-13+deb11u6_all.deb===>locales_2.31-13+deb11u7_all.deb', 'locales-all_2.31-13+deb11u6_amd64.deb===>locales-all_2.31-13+deb11u7_amd64.deb']
https://www.debian.org/security/2023/dsa-5514
https://www.tenable.com/plugins/nessus/182473 |
|
2023-10-23 05:26:20 |
Yue Tao |
description |
CVE-2023-4911: https://nvd.nist.gov/vuln/detail/CVE-2023-4911
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
CVE-2023-4527: https://nvd.nist.gov/vuln/detail/CVE-2023-4527
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
Base Score: High
Reference:
['libc6_2.31-13+deb11u6_amd64.deb===>libc6_2.31-13+deb11u7_amd64.deb', 'libc6-dev_2.31-13+deb11u6_amd64.deb===>libc6-dev_2.31-13+deb11u7_amd64.deb', 'libc-bin_2.31-13+deb11u6_amd64.deb===>libc-bin_2.31-13+deb11u7_amd64.deb', 'libc-dev-bin_2.31-13+deb11u6_amd64.deb===>libc-dev-bin_2.31-13+deb11u7_amd64.deb', 'libc-l10n_2.31-13+deb11u6_all.deb===>libc-l10n_2.31-13+deb11u7_all.deb', 'locales_2.31-13+deb11u6_all.deb===>locales_2.31-13+deb11u7_all.deb', 'locales-all_2.31-13+deb11u6_amd64.deb===>locales-all_2.31-13+deb11u7_amd64.deb']
https://www.debian.org/security/2023/dsa-5514
https://www.tenable.com/plugins/nessus/182473 |
CVE-2023-4911: https://nvd.nist.gov/vuln/detail/CVE-2023-4911
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Base Score: High
Reference:
['libc6_2.31-13+deb11u6_amd64.deb===>libc6_2.31-13+deb11u7_amd64.deb', 'libc6-dev_2.31-13+deb11u6_amd64.deb===>libc6-dev_2.31-13+deb11u7_amd64.deb', 'libc-bin_2.31-13+deb11u6_amd64.deb===>libc-bin_2.31-13+deb11u7_amd64.deb', 'libc-dev-bin_2.31-13+deb11u6_amd64.deb===>libc-dev-bin_2.31-13+deb11u7_amd64.deb', 'libc-l10n_2.31-13+deb11u6_all.deb===>libc-l10n_2.31-13+deb11u7_all.deb', 'locales_2.31-13+deb11u6_all.deb===>locales_2.31-13+deb11u7_all.deb', 'locales-all_2.31-13+deb11u6_amd64.deb===>locales-all_2.31-13+deb11u7_amd64.deb']
https://www.debian.org/security/2023/dsa-5514
https://www.tenable.com/plugins/nessus/182473 |
|