Description
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Affected products
- openSUSE / libeconf? – 0.5.2
References
- MISChttps://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22652
- MISChttps://https://github.com/openSUSE/libeconf/issues/177
- MAILING_LISThttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG5256D5I3GFA3RBAJQ2WYPJDYAIL74/
- MAILING_LISThttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDD5GL5T3V5XZ3VFA4HPE6YGJ2K4HHPC/
- MAILING_LISThttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAYW7X753Z6GOJKVLQPXBDHISN6ZT233/