cve/CVE-2023-25139.md at main

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

1.2 KiB

Raw Permalink Blame History

CVE-2023-25139

Description

sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/ortelius/ms-compitem-crud
https://github.com/ortelius/ms-dep-pkg-cud
https://github.com/ortelius/ms-dep-pkg-r
https://github.com/ortelius/ms-sbom-export
https://github.com/ortelius/ms-scorecard
https://github.com/ortelius/ms-textfile-crud

1.2 KiB Raw Permalink Blame History

CVE-2023-25139

Description

POC

Reference

Github

1.2 KiB

Raw Permalink Blame History