CVE-2023-0687

N/A

A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

GNU C Library 安全漏洞

GNU C Library（glibc，libc6）是一种按照LGPL许可协议发布的开源免费的C语言编译程序。 GNU C Library 2.38版本存在安全漏洞。攻击者利用该漏洞导致缓冲区溢出。

N/A

N/A