Main Vulnerability Database SB2023111058

SB2023111058 - Heap-based buffer overflow in FreeBSD libc

Published: November 10, 2023

Security Bulletin ID SB2023111058

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Heap-based buffer overflow (CVE-ID: CVE-2023-5941)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the __sflush() function in libc. A remote attacker can pass specially crafted data to the application that is using the affected library, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

The vulnerability can be used to escalate privileges or remotely execute arbitrary code. The attack vector depends on the application or daemon that uses the vulnerable libc version.

Remediation

Install update from vendor's website.

References

https://security.freebsd.org/advisories/FreeBSD-SA-23:15.stdio.asc