Bug 1214597 (CVE-2023-30078) - VUL-0: CVE-2023-30078: libeconf: Stack overflow in function econf_writeFile at atlibeconf/lib/libeconf.c
Summary: VUL-0: CVE-2023-30078: libeconf: Stack overflow in function econf_writeFile a...
Status: RESOLVED DUPLICATE of bug 1211078
Alias: CVE-2023-30078
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Stefan Schubert
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/376080/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-30078:7.8:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-08-25 06:24 UTC by Stoyan Manolov
Modified: 2023-09-06 15:16 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 3 Stefan Schubert 2023-09-05 14:35:42 UTC 
ok, reopen
Comment 4 Stefan Schubert 2023-09-05 15:09:29 UTC 
(In reply to Stoyan Manolov from comment #0)
> CVE-2023-30078
> 
> A stack overflow vulnerability exists in function econf_writeFile in file
> atlibeconf/lib/libeconf.c in libeconf 0.5.1 allows attackers to cause a
> Denial of service or execute arbitrary code.
> 
> References:
> 
> https://raw.githubusercontent.com/yangjiageng/PoC/master/libeconf-PoC/tst-
> write-string-data.c
> https://github.com/openSUSE/libeconf/issues/178

This issue has already the Nr. : CVE-2023-32181 
So which one shall I use for it ?
Comment 5 Stefan Schubert 2023-09-05 15:10:41 UTC 
Also see: https://bugzilla.suse.com/show_bug.cgi?id=1211078
Comment 6 Stefan Schubert 2023-09-06 15:16:17 UTC 
I will combine the bugs....

*** This bug has been marked as a duplicate of bug 1211078 ***