« List of all CVEs

CVE-2023-4911

Glibc: buffer overflow in ld.so leading to privilege escalation

Published: 10/3/2023 Last updated: 2/13/2026 Reserved: 9/12/2023

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 7.8 High CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (1)

gettext-stub

Products affected (14)

Product Vendor Version
Red Hat Enterprise Linux 7 Red Hat 1.14.6
Red Hat Enterprise Linux 7 Red Hat <= V
Red Hat Enterprise Linux 7 Red Hat < 1.3.9
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat < 5.9.0
Red Hat Enterprise Linux 9 Red Hat <= 3.2.0
Red Hat Enterprise Linux 9.0 Extended Update Support Red Hat <= 1.68(ZG)
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat <= 1.74(ZE)
Red Hat Enterprise Linux 7 Red Hat <= 1.39(ZA)
Red Hat Enterprise Linux 8 Red Hat < 24.07.2025
Red Hat Enterprise Linux 6 Red Hat <= ZC
<= *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat <= R
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat 825.8010.00
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat <= ZC

References (72)

Credits (2)