Bug 1214598 (CVE-2023-30079) - VUL-0: CVE-2023-30079: libeconf: Stack overflow in function read_file at atlibeconf/lib/getfilecontents.c
Summary: VUL-0: CVE-2023-30079: libeconf: Stack overflow in function read_file at atli...
Status: RESOLVED DUPLICATE of bug 1211078
Alias: CVE-2023-30079
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Stefan Schubert
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/376081/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-30079:7.8:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-08-25 06:26 UTC by Stoyan Manolov
Modified: 2023-09-06 15:17 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 3 Stefan Schubert 2023-09-05 14:37:15 UTC 
ok, reopen
Comment 4 Stefan Schubert 2023-09-05 15:06:08 UTC 
(In reply to Stoyan Manolov from comment #0)
> CVE-2023-30079
> 
> A stack overflow vulnerability exists in function read_file in
> atlibeconf/lib/getfilecontents.c in libeconf 0.5.1 allows attackers to cause
> a Denial of service or execute arbitrary code.
> 
> References:
> 
> https://raw.githubusercontent.com/yangjiageng/PoC/master/libeconf-PoC/tst-
> logindefs1.c
> https://github.com/openSUSE/libeconf/issues/177

The issue 177 has already the number CVE-2023-22652.
So, which one shall I use ?
Comment 5 Stefan Schubert 2023-09-06 15:17:07 UTC 
I will combine the bugs....

*** This bug has been marked as a duplicate of bug 1211078 ***