CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile: 41.0%
libeconf.so is vulnerable to buffer overflows. The vulnerability exists because the input size is not properly checked, which allows an attacker to cause a buffer overflow by submitting crafted config files, resulting in an application crash.
bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22652
github.com/advisories/GHSA-rgj6-mpw9-qm58
github.com/openSUSE/libeconf/commit/8d086dfc69d4299e55e4844e3573b3a4cf420f19
github.com/openSUSE/libeconf/issues/177
github.com/openSUSE/libeconf/pull/183
lists.fedoraproject.org/archives/list/[email protected]/message/SDD5GL5T3V5XZ3VFA4HPE6YGJ2K4HHPC/
lists.fedoraproject.org/archives/list/[email protected]/message/SMG5256D5I3GFA3RBAJQ2WYPJDYAIL74/
lists.fedoraproject.org/archives/list/[email protected]/message/YAYW7X753Z6GOJKVLQPXBDHISN6ZT233/
security-tracker.debian.org/tracker/CVE-2023-22652