|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2023-30079: libeconf: Stack overflow in function read_file at atlibeconf/lib/getfilecontents.c | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Stoyan Manolov <stoyan.manolov> |
| Component: | Incidents | Assignee: | Stefan Schubert <schubi> |
| Status: | RESOLVED DUPLICATE | QA Contact: | Security Team bot <security-team> |
| Severity: | Major | ||
| Priority: | P3 - Medium | CC: | security-team, stoyan.manolov |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/376081/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2023-30079:7.8:(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Stoyan Manolov
2023-08-25 06:26:28 UTC
ok, reopen (In reply to Stoyan Manolov from comment #0) > CVE-2023-30079 > > A stack overflow vulnerability exists in function read_file in > atlibeconf/lib/getfilecontents.c in libeconf 0.5.1 allows attackers to cause > a Denial of service or execute arbitrary code. > > References: > > https://raw.githubusercontent.com/yangjiageng/PoC/master/libeconf-PoC/tst- > logindefs1.c > https://github.com/openSUSE/libeconf/issues/177 The issue 177 has already the number CVE-2023-22652. So, which one shall I use ? I will combine the bugs.... *** This bug has been marked as a duplicate of bug 1211078 *** |