CVE-2023-2603Integer Overflow or Wraparound in Project Libcap

CWE-190Integer Overflow or Wraparound14 documents10 sources
Severity
7.8HIGHNVD
OSV3.3
EPSS
1.2%
top 20.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Libcap Project LibcapDebian LinuxFedoraproject Fedora+1 more
Timeline
PublishedJun 6
Latest updateJan 24

Description

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5libcap_project/libcapNA

Also affects: Debian Linux 11.0, Fedora 37, 38, Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

5
OSV
libcap2 vulnerability2023-06-19
OSV
libcap2 vulnerabilities2023-06-14
OSV
CVE-2023-2603: A vulnerability was found in libcap2023-06-06
CVEList
CVE-2023-2603: A vulnerability was found in libcap2023-06-06
GHSA
GHSA-wp54-pwvg-rqq5: A vulnerability was found in libcap2023-06-06

📋Vendor Advisories

6
Oracle
Oracle Oracle Communications Risk Matrix: Oracle Linux (libcap) — CVE-2023-26032023-10-15
Ubuntu
libcap2 vulnerability2023-06-19
Ubuntu
libcap2 vulnerabilities2023-06-14
Microsoft
A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.2023-06-13
Red Hat
libcap: Integer Overflow in _libcap_strdup()2023-05-16

🕵️Threat Intelligence

2
Trailofbits
Celebrating our 2023 open-source contributions2024-01-24
Trailofbits
Celebrating our 2023 open-source contributions2024-01-24
CVE-2023-2603 — Integer Overflow or Wraparound | cvebase