Bug 893440 (CVE-2023-0687)

Summary:	sys-libs/glibc: Buffer overflow in gmon
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED INVALID
Severity:	normal	CC:	toolchain
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://sourceware.org/bugzilla/show_bug.cgi?id=29444
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=893442
Whiteboard:	?? [upstream]
Package list:		Runtime testing required:	---

Description Sam James archtester

2023-02-07 04:12:35 UTC

A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. 

[No fix backported to release/2.37 yet.]

Comment 1 Sam James archtester

2023-02-07 22:19:06 UTC

Disputed because trusted input: https://inbox.sourceware.org/libc-alpha/xn4jrxcegm.fsf@greed.delorie.com/T/#m567f7e4234f3fbf1586351981dbda98f448ccd60