CVE-2023-25139

CWE-787Out-of-bounds Write6 documents6 sources
Severity
9.8CRITICAL
EPSS
0.2%
top 64.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Glibc
Timeline
PublishedFeb 3

Description

sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDgnu/glibc2.37
Alpinempfr4< 4.2.1-r0+4

🔴Vulnerability Details

3
CVEList
CVE-2023-25139: sprintf in the GNU C Library (glibc) 22023-02-03
OSV
CVE-2023-25139: sprintf in the GNU C Library (glibc) 22023-02-03
GHSA
GHSA-2g67-jw5m-244m: sprintf in the GNU C Library (glibc) 22023-02-03

📋Vendor Advisories

2
Red Hat
glibc: incorrect printf output for integers with thousands separator and width field2023-02-03
Debian
CVE-2023-25139: glibc - sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds w...2023
CVE-2023-25139 (CRITICAL CVSS 9.8) | sprintf in the GNU C Library (glibc | cvebase.io