openEuler 22.03 LTS update for glibc
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-4911 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local |
| Public exploit | Vulnerability #1 is being exploited in the wild. |
| Vulnerable software |
openEuler Operating systems & Components / Operating system glibc-help Operating systems & Components / Operating system package or component nscd Operating systems & Components / Operating system package or component glibc-debugsource Operating systems & Components / Operating system package or component glibc-devel Operating systems & Components / Operating system package or component glibc-nss-devel Operating systems & Components / Operating system package or component libnsl Operating systems & Components / Operating system package or component glibc-debuginfo Operating systems & Components / Operating system package or component nss_modules Operating systems & Components / Operating system package or component glibc-common Operating systems & Components / Operating system package or component glibc-debugutils Operating systems & Components / Operating system package or component glibc-all-langpacks Operating systems & Components / Operating system package or component glibc-locale-archive Operating systems & Components / Operating system package or component glibc-compat-2.17 Operating systems & Components / Operating system package or component glibc-locale-source Operating systems & Components / Operating system package or component glibc Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU81437
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2023-4911
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
glibc-help: before 2.34-137
nscd: before 2.34-137
glibc-debugsource: before 2.34-137
glibc-devel: before 2.34-137
glibc-nss-devel: before 2.34-137
libnsl: before 2.34-137
glibc-debuginfo: before 2.34-137
nss_modules: before 2.34-137
glibc-common: before 2.34-137
glibc-debugutils: before 2.34-137
glibc-all-langpacks: before 2.34-137
glibc-locale-archive: before 2.34-137
glibc-compat-2.17: before 2.34-137
glibc-locale-source: before 2.34-137
glibc: before 2.34-137
CPE2.3- cpe:2.3:o:openeuler:openeuler:22.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:glibc-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:nscd:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:glibc-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:glibc-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:glibc-nss-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:libnsl:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:glibc-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:nss_modules:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:glibc-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:glibc-debugutils:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:glibc-all-langpacks:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:glibc-locale-archive:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:glibc-compat-2.17:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:glibc-locale-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:glibc:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1725
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
