#VU76757 Memory leak in libcap


Vulnerability identifier: #VU76757

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2602

CWE-ID: CWE-401

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libcap
Other software / Other software solutions

Vendor:

Description
The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the error handling in the __wrap_pthread_create() function. A remote attacker can send a specially crafted request, exploit vulnerability to exhaust the process memory and cause a denial of service condition.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://www.ibm.com/support/pages/node/6999699

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Red Hat OpenShift Dev Spaces 3.17
Multiple vulnerabilities in Red Hat OpenShift Dev Spaces
Multiple vulnerabilities in Dell ObjectScale
Multiple vulnerabilities in Red Hat OpenShift Dev Spaces
Multiple vulnerabilities in OpenShift Service Mesh 2.4
Multiple vulnerabilities in OpenShift Service Mesh 2.5
Multiple vulnerabilities in Dell EMC VxRail Appliance
Multiple vulnerabilities in Custom Metrics Autoscaler Operator for Red Hat OpenShift
Multiple vulnerabilities in Netcool Operations Insight
Multiple vulnerabilities in Service Telemetry Framework 1.5