Bug 893442 (CVE-2023-25139) - =sys-libs/glibc-2.37: Buffer overflow in sprintf
Summary: =sys-libs/glibc-2.37: Buffer overflow in sprintf
Status: RESOLVED FIXED
Alias: CVE-2023-25139
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: ?? [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2023-02-07 04:14 UTC by Sam James
Modified: 2023-05-23 04:37 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sam James 2023-02-07 04:14:53 UTC
CVE-2023-25139 (https://sourceware.org/bugzilla/show_bug.cgi?id=30068):

sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.

[No fix on release/2.37 yet.]
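The allocation pattern the CVE text describes, written out as an added example (not code from the bug report or from glibc), beside the bounded form a caller can use instead. The function names are mine; the assumption that a size-bounded snprintf with a checked return value contains the fault is the general mitigation, not something the report states.

```c
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pattern from the CVE description: the buffer is sized to exactly the
 * expected output ("%'13ld" of 1234567 is 13 characters) plus the NUL, then
 * filled with unbounded sprintf. On glibc 2.37 the grouped, padded conversion
 * could write two bytes past the end of buf. Shown for comparison only. */
char *format_exact_sprintf(int width, long value)
{
    char *buf = malloc((size_t)width + 1);   /* "exact size required" */
    if (buf == NULL)
        return NULL;
    sprintf(buf, "%'*ld", width, value);     /* nothing stops an overrun */
    return buf;
}

/* Bounded alternative: snprintf writes at most cap bytes, and its return value
 * is the length the full output needs, so a buffer that is too small becomes
 * a detectable error instead of silent memory corruption.
 * Returns the formatted length, or -1 when cap is too small
 * (buf is still NUL-terminated whenever cap > 0). */
int format_grouped_padded(char *buf, size_t cap, int width, long value)
{
    int needed = snprintf(buf, cap, "%'*ld", width, value);
    if (needed < 0 || (size_t)needed >= cap)
        return -1;
    return needed;
}

/* Turn on a thousands separator if the locale is installed; under the "C"
 * locale the ' flag is a no-op, but the padded width is 13 either way. */
void enable_grouping(void)
{
    if (setlocale(LC_NUMERIC, "en_US.UTF-8") == NULL)
        setlocale(LC_NUMERIC, "C");
}

int main(void)
{
    char buf[16];                            /* capacity 16 > 13 + NUL */
    enable_grouping();
    int n = format_grouped_padded(buf, sizeof buf, 13, 1234567L);
    printf("len=%d [%s]\n", n, buf);
    return n == 13 ? 0 : 1;
}
```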
Comment 1 Andreas K. Hüttel 2023-02-11 00:04:46 UTC
Fixed in patchset 2
Comment 2 Andreas K. Hüttel 2023-05-07 21:44:38 UTC
This affects only 2.37 and all affected versions are long gone from Gentoo.
Comment 3 John Helmert III 2023-05-23 04:34:20 UTC
(In reply to Andreas K. Hüttel from comment #2)
> This affects only 2.37 and all affected versions are long gone from Gentoo.

What's the fixed version?
Comment 4 John Helmert III 2023-05-23 04:37:46 UTC
Ah, fixed with this commit, I guess:

commit 3f5305f584de1481159876f4c174aa87cfce1c89
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
Date:   Wed Feb 8 15:57:16 2023 +0100

    sys-libs/glibc: bump 2.37 to  patchset 2

    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 sys-libs/glibc/Manifest          | 2 +-
 sys-libs/glibc/glibc-2.37.ebuild | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

So affected 2.37 was never even keyworded. All done then. 2.37 was both unaffected and affected, but that still doesn't matter much because it was never keyworded.