Veracode Vulnerability DatabaseVERACODE:40883

HistoryJun 13, 2023 - 5:43 p.m.

Buffer Overflow

2023-06-1317:43:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

buffer overflow

libeconf.so

input size

application crash

vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

41.0%

JSON

libeconf.so is vulnerable to Buffer Overflows. The vulnerability exists because the input size is not properly checked which allows an attacker to cause a buffer overflow by submitting crafted config files, resulting in an application crash.

References

bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22652

github.com/advisories/GHSA-rgj6-mpw9-qm58

github.com/openSUSE/libeconf/commit/8d086dfc69d4299e55e4844e3573b3a4cf420f19

github.com/openSUSE/libeconf/issues/177

github.com/openSUSE/libeconf/pull/183

https://github.com/openSUSE/libeconf/issues/177

lists.fedoraproject.org/archives/list/[email protected]/message/SDD5GL5T3V5XZ3VFA4HPE6YGJ2K4HHPC/

lists.fedoraproject.org/archives/list/[email protected]/message/SMG5256D5I3GFA3RBAJQ2WYPJDYAIL74/

lists.fedoraproject.org/archives/list/[email protected]/message/YAYW7X753Z6GOJKVLQPXBDHISN6ZT233/

security-tracker.debian.org/tracker/CVE-2023-22652

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

41.0%

JSON

Related for VERACODE:40883