CVE-2023-0687
Last modified
CVE-2023-0687 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A vulnerability was found in GNU C Library 2.38. It has been declared as critical. EPSS estimates a 1.10% chance of exploitation in the next 30 days.
Description
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Glibc | < 2.38 |
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=29444Issue Tracking, Patch, Third Party Advisory
- https://vuldb.com/?ctiid.220246Permissions Required, Third Party Advisory
- https://vuldb.com/?id.220246Permissions Required, Third Party Advisory
- https://sourceware.org/bugzilla/show_bug.cgi?id=29444Issue Tracking, Patch, Third Party Advisory
- https://vuldb.com/?ctiid.220246Permissions Required, Third Party Advisory
- https://vuldb.com/?id.220246Permissions Required, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-0687?
How severe is CVE-2023-0687?
How do I fix CVE-2023-0687?
Are you affected by CVE-2023-0687?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST