A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
History

Tue, 17 Sep 2024 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Canonical
Canonical ubuntu Linux
Debian
Debian debian Linux
CPEs cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:13.0:*:*:*:*:*:*:*
Vendors & Products Canonical
Canonical ubuntu Linux
Debian
Debian debian Linux

Mon, 16 Sep 2024 14:45:00 +0000


Wed, 14 Aug 2024 01:00:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-10-03T17:25:08.434Z

Updated: 2024-09-16T13:49:25.654Z

Reserved: 2023-09-12T13:10:32.495Z

Link: CVE-2023-4911

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2023-10-03T18:15:10.463

Modified: 2024-09-17T19:46:45.837

Link: CVE-2023-4911

cve-icon Redhat

Severity : Important

Publid Date: 2023-10-03T17:00:00Z

Links: CVE-2023-4911 - Bugzilla