#VU76757 Memory leak in libcap - CVE-2023-2602


Vulnerability identifier: #VU76757

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-2602

CWE-ID: CWE-401

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libcap
Other software / Other software solutions

Vendor: www.friedhoff.org

Description
The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the error handling in the __wrap_pthread_create() function. A remote attacker can send a specially crafted request, exploit vulnerability to exhaust the process memory and cause a denial of service condition.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

libcap: before 2.69

External links
https://www.ibm.com/support/pages/node/6999699

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Amazon Linux AMI update for libcap
Multiple vulnerabilities in Multicluster Engine for Kubernetes 2.5
Multiple vulnerabilities in Red Hat OpenShift Dev Spaces 3.17
Multiple vulnerabilities in Red Hat OpenShift Dev Spaces
Multiple vulnerabilities in Dell ObjectScale
Multiple vulnerabilities in Red Hat OpenShift Dev Spaces
Multiple vulnerabilities in OpenShift Service Mesh 2.4
Multiple vulnerabilities in OpenShift Service Mesh 2.5
Multiple vulnerabilities in Dell EMC VxRail Appliance
Multiple vulnerabilities in Custom Metrics Autoscaler Operator for Red Hat OpenShift