
Mageia: 2023-0077 Critical: pkgconf Unbounded String Issue

March 1, 2023
Mageia releases an update for pkgconf to address a severe security vulnerability related to unchecked string expansion in all versions prior to 1.9.3.

Summary

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. (CVE-2023-24056)
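An audit check for the expansion described above, as an added example that is not part of the Mageia advisory or of pkgconf's code: it computes how large each variable in a .pc file would become without ever building the expanded string. The regexes are a simplified model of .pc variable syntax, and `LIMIT`, `expanded_sizes`, `oversized` and `SAMPLE` are hypothetical names and values chosen for this example.

```python
import re

# ${name} reference inside a value.
REF = re.compile(r"\$\{([^}]*)\}")
# "name=value" variable line; "Name: value" field lines do not match.
VAR = re.compile(r"^([A-Za-z0-9_.]+)\s*=(.*)$")

LIMIT = 64 * 1024  # assumed audit threshold in bytes, not a pkgconf constant


def expanded_sizes(pc_text):
    """Return {variable: expanded length}, computed without building strings.

    Variables are resolved in file order against earlier definitions, so a
    redefinition may reference the previous value of the same name.
    Unknown references count as empty (a simplification).
    """
    sizes = {}
    for raw in pc_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = VAR.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        literal = len(REF.sub("", value))
        refs = sum(sizes.get(r, 0) for r in REF.findall(value))
        sizes[name] = literal + refs
    return sizes


def oversized(pc_text, limit=LIMIT):
    """Variables whose expansion would exceed limit, largest first."""
    hits = [(n, s) for n, s in expanded_sizes(pc_text).items() if s > limit]
    return sorted(hits, key=lambda h: -h[1])


# Constructed sample: each level repeats the previous variable ten times.
SAMPLE = "\n".join(
    ["prefix=/usr", "libdir=${prefix}/lib", "v0=0123456789"]
    + [f"v{i}=" + f"${{v{i-1}}}" * 10 for i in range(1, 5)]
    + ["Name: sample", "Version: 1.0", "Cflags: -I${v4}"]
)

if __name__ == "__main__":
    print(f"file size: {len(SAMPLE)} bytes")
    for name, size in oversized(SAMPLE):
        print(f"{name}: expands to {size} bytes")
```

Each added level multiplies the expanded size by ten while adding only one short line to the file, which is why the check works on computed lengths rather than on expanded text.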

References

- https://bugs.mageia.org/show_bug.cgi?id=31536

- https://www.cve.org/CVERecord?id=CVE-2023-24056

Resolution

SRPMS

- 8/core/pkgconf-1.7.3-2.1.mga8

Severity
critical

Publication date: 01 Mar 2023
URL: https://advisories.mageia.org/MGASA-2023-0077.html
Type: security
CVE: CVE-2023-24056
