CVE-2023-0687

CVSS V2 None CVSS V3 None
Description
** DISPUTED ** A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.
Overview
  • CVE ID
  • CVE-2023-0687
  • Assigner
  • cna@vuldb.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2023-02-06T19:15:10
  • Last Modified Date
  • 2023-02-24T19:15:11
Weakness Enumerations
CWE URL
CWE-120 http://cwe.mitre.org/data/definitions/120.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:gnu:glibc:2.38:*:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://patchwork.sourceware.org/project/glibc/patch/20230204114138.5436-1-leo@yuriev.ru/ Patch Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=29444 Issue Tracking Patch Third Party Advisory
https://vuldb.com/?ctiid.220246 Permissions Required Third Party Advisory
https://vuldb.com/?id.220246 Permissions Required Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-0687
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0687
History
Created Old Value New Value Data Type Notes
2023-04-17 07:15:05 Added to TrackCVE
2023-04-17 07:15:08 Weakness Enumeration new
2023-04-17 08:10:36 CPE Information updated
2023-04-17 08:10:36 CVSS V3 information new
2023-04-17 08:10:36 CVSS V2 information new