vulnerability
Amazon Linux 2023: CVE-2023-24056: Medium priority package update for pkgconf
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:N/I:N/A:C) | 2023-01-21 | 2025-02-17 | 2025-02-17 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published
2023-01-21
Added
2025-02-17
Modified
2025-02-17
Description
In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.
A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. This issue may lead to a buffer overflow, which can crash the software.
A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. This issue may lead to a buffer overflow, which can crash the software.
Solution(s)
amazon-linux-2023-upgrade-libpkgconfamazon-linux-2023-upgrade-libpkgconf-debuginfoamazon-linux-2023-upgrade-libpkgconf-develamazon-linux-2023-upgrade-pkgconfamazon-linux-2023-upgrade-pkgconf-debuginfoamazon-linux-2023-upgrade-pkgconf-debugsourceamazon-linux-2023-upgrade-pkgconf-m4amazon-linux-2023-upgrade-pkgconf-pkg-config
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.