A buffer overflow was discovered in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. (CVE-2023-4911)

Impact

There is no impact; F5 products are not affected by this vulnerability.

CPENameOperatorVersion
f5 ssl orchestratoreq14.1.0
f5 ssl orchestratoreq14.1.2
f5 ssl orchestratoreq14.1.4
f5 ssl orchestratoreq15.1.0
f5 ssl orchestratoreq15.1.1
f5 ssl orchestratoreq16.1.0
f5 ssl orchestratoreq16.1.1
f5 ssl orchestratoreq16.1.3
f5 ssl orchestratoreq17.1.0
big-ip next cgnat cnfeq1.1.0

Name	Operator	Version
f5 ssl orchestrator	eq	14.1.0
f5 ssl orchestrator	eq	14.1.2
f5 ssl orchestrator	eq	14.1.4
f5 ssl orchestrator	eq	15.1.0
f5 ssl orchestrator	eq	15.1.1
f5 ssl orchestrator	eq	16.1.0
f5 ssl orchestrator	eq	16.1.1
f5 ssl orchestrator	eq	16.1.3
f5 ssl orchestrator	eq	17.1.0
big-ip next cgnat cnf	eq	1.1.0

Rows per page:

1-10 of 4571

ubuntucve 1

prion 1

cgr 1

redhat 69

nessus 31

ibm 8

githubexploit 16

debiancve 1

packetstorm 2

osv 6

redhatcve 1

mageia 1

cbl_mariner 1

oraclelinux 8

broadcom 1

rosalinux 2

nvd 1

zdt 2

cisa_kev 1

attackerkb 1

openvas 10

wolfi 1

hivepro 2

cvelist 1

kitploit 1

cve 1

qualysblog 1

metasploit 1

github 1

ubuntu 1

cloudfoundry 1

thn 3

debian 1

fedora 3

rocky 1

gentoo 1

almalinux 2

rapid7blog 1

photon 1

avleonov 1

oracle 2

ics 1

ubuntucve

CVE-2023-4911

2023-10-03 00:00:00

prion

Buffer overflow

2023-10-03 18:15:00

cgr

CVE-2023-4911 vulnerabilities

2024-05-19 03:07:16

redhat

(RHSA-2024:0033) Moderate: Red Hat Virtualization Host 4.4.z SP 1 security update

2024-01-03 14:02:59

(RHSA-2023:5454) Important: glibc security update

2023-10-05 10:06:44

(RHSA-2023:5476) Important: glibc security update

2023-10-05 13:52:32

nessus

RHEL 8 : Red Hat Virtualization Host 4.4.z SP 1 (RHSA-2024:0033)

2024-01-03 00:00:00

RHEL 8 : glibc (RHSA-2023:5476)

2023-10-05 00:00:00

CBL Mariner 2.0 Security Update: glibc (CVE-2023-4911)

2023-10-13 00:00:00

ibm

Security Bulletin: glibc vulnerability affects IBM Elastic Storage System (CVE-2023-4911)

2023-12-04 10:46:37

Security Bulletin: Vulnerability with GNU glibc & libcURL affect IBM Cloud Object Storage Systems (Nov2023v1)

2023-11-14 21:53:56

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, glibc-minimal-langpack, glibc-common, ncurses-libs and Kubernetes

2023-11-16 16:21:31

githubexploit

Exploit for Out-of-bounds Write in Gnu Glibc

2023-10-14 02:24:52

Exploit for Out-of-bounds Write in Gnu Glibc

2023-10-04 14:32:49

Exploit for Out-of-bounds Write in Gnu Glibc

2023-10-11 14:49:22

debiancve

CVE-2023-4911

2023-10-03 18:15:10

packetstorm

Glibc Tunables Privilege Escalation

2023-12-21 00:00:00

glibc ld.so Local Privilege Escalation

2023-10-06 00:00:00

osv

glibc - security update

2023-10-03 00:00:00

CVE-2023-4911

2023-10-03 18:15:10

glibc vulnerabilities

2023-10-03 18:04:23

redhatcve

CVE-2023-4911

2023-10-03 17:24:53

mageia

Updated glibc packages fix a security vulnerability

2023-10-12 00:04:02

cbl_mariner

CVE-2023-4911 affecting package glibc for versions less than 2.35-5

2023-10-11 01:41:59

oraclelinux

glibc security update

2023-10-05 00:00:00

glibc security update

2023-10-09 00:00:00

glibc security update

2023-10-05 00:00:00

broadcom

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so

2024-01-17 00:00:00

rosalinux

Advisory ROSA-SA-2024-2331

2024-01-30 08:06:33

Advisory ROSA-SA-2024-2332

2024-01-30 08:26:13

nvd

CVE-2023-4911

2023-10-03 18:15:10

zdt

Glibc Tunables Privilege Escalation Exploit

2023-12-21 00:00:00

glibc ld.so Local Privilege Escalation Vulnerability

2023-10-08 00:00:00

cisa_kev

GNU C Library Buffer Overflow Vulnerability

2023-11-21 00:00:00

attackerkb

CVE-2023-4911

2023-10-03 00:00:00

openvas

Mageia: Security Advisory (MGASA-2023-0286)

2023-10-12 00:00:00

Ubuntu: Security Advisory (USN-6409-1)

2023-10-04 00:00:00

Debian: Security Advisory (DSA-5514-1)

2023-10-04 00:00:00

wolfi

CVE-2023-4911 vulnerabilities

2024-07-03 03:08:38

hivepro

‘Looney Tunables’ Flaw Enables Local Privilege Escalation in Glibc

2023-10-05 10:18:37

Kinsing Exploits Looney Tunables Vulnerability to Breach Cloud Environments

2023-11-07 08:23:12

cvelist

CVE-2023-4911 Glibc: buffer overflow in ld.so leading to privilege escalation

2023-10-03 17:25:08

kitploit

LooneyPwner - Exploit Tool For CVE-2023-4911, Targeting The 'Looney Tunables' Glibc Vulnerability In Various Linux Distributions

2023-10-27 11:30:00

cve

CVE-2023-4911

2023-10-03 18:15:10

qualysblog

CVE-2023-4911: Looney Tunables – Local Privilege Escalation in the glibc’s ld.so

2023-10-03 17:21:22

metasploit

Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)

2023-12-14 23:28:43

github

Cueing up a calculator: an introduction to exploit development on Linux

2023-12-06 17:30:42

ubuntu

GNU C Library vulnerabilities

2023-10-03 00:00:00

cloudfoundry

USN-6409-1: GNU C Library vulnerabilities | Cloud Foundry

2024-03-18 00:00:00

thn

Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments

2023-11-03 13:12:00

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

2024-01-31 05:44:00

Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions

2023-10-04 07:21:00

debian

[SECURITY] [DSA 5514-1] glibc security update

2023-10-03 17:26:13

fedora

[SECURITY] Fedora 37 Update: glibc-2.36-14.fc37

2023-10-04 15:49:21

[SECURITY] Fedora 38 Update: glibc-2.37-10.fc38

2023-10-04 15:52:08

[SECURITY] Fedora 39 Update: glibc-2.38-6.fc39

2023-10-04 17:16:19

rocky

glibc security update

2023-10-06 22:57:06

gentoo

glibc: Multiple vulnerabilities

2023-10-04 00:00:00

almalinux

Important: glibc security update

2023-10-05 00:00:00

Important: glibc security update

2023-10-05 00:00:00

rapid7blog

Metasploit Weekly Wrap-Up

2023-12-22 16:32:56

photon

Critical Photon OS Security Update - PHSA-2023-5.0-0110

2023-10-06 00:00:00

avleonov

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture

2023-11-05 18:39:59

oracle

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Oracle Critical Patch Update Advisory - April 2024

2024-04-16 00:00:00

ics

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.5%

JSON

Related for F5:K000137187