Buffer Overflow Vulnerability in GNU C Library Affects Call Graph Monitor Functionality
CVE-2023-0687

4.6MEDIUM

Key Information:

Vendor: Gnu
Status: C Library
Vendor: CVE Published:; 6 February 2023

What is CVE-2023-0687?

A buffer overflow vulnerability has been identified in the GNU C Library version 2.38, specifically within the __monstartup function of the Call Graph Monitor component. This vulnerability may occur when handling inputs that are addresses originating from applications built with gmon enabled. While the inputs are generally considered trusted, the potential for exploitation exists if a security flaw is present in the application. It is advisable to implement the patch offered to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

C Library 2.38

References

https://vuldb.com/?id.220246

https://vuldb.com/?ctiid.220246

https://sourceware.org/bugzilla/show_bug.cgi?id=29444

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2023
Vulnerability Reserved
Feb 6, 2023

JSON

Gnu