CVE-2023-22652
Summary
| CVE | CVE-2023-22652 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-01 12:15:00 UTC |
| Updated | 2023-09-13 03:15:00 UTC |
| Description | A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2. |
Risk And Classification
Problem Types: CWE-120
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| https://github.com/openSUSE/libeconf/issues/177 | MISC | github.com | |
| [SECURITY] Fedora 37 Update: libeconf-0.5.2-1.fc37 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: libeconf-0.5.2-1.fc38 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| [SECURITY] Fedora 39 Update: libeconf-0.5.2-1.fc39 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| 1211078 – (CVE-2023-22652, CVE-2023-32181) VUL-0: CVE-2023-22652, CVE-2023-32181: libeconf: Two stack-buffer-overflow issues | MISC | bugzilla.suse.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160829 Oracle Enterprise Linux Security Update for libeconf (ELSA-2023-4347)
- 241895 Red Hat Update for libeconf (RHSA-2023:4347)
- 285287 Fedora Security Update for libeconf (FEDORA-2023-86b710bb4f)
- 355461 Amazon Linux Security Advisory for libeconf : ALAS2023-2023-227
- 755015 SUSE Enterprise Linux Security Update for libeconf (SUSE-SU-2023:3954-1)
- 941205 AlmaLinux Security Update for libeconf (ALSA-2023:4347)
- 961039 Rocky Linux Security Update for libeconf (RLSA-2023:4347)