CVE-2023-4911 - Buffer Overflow
Severity: High
Date: 2024-01-30
Abstract
A buffer overflow was discovered in the GNU C Library's dynamic loader, ld.so, in the code that processes the GLIBC_TUNABLES environment variable. A local attacker who can launch a binary with SUID permission while supplying a maliciously crafted GLIBC_TUNABLES value can use the overflow to execute code with that binary's elevated privileges. Exploitation requires local access to the host and the ability to run such a binary with an attacker-controlled environment.
The Oxygen products incorporate the GNU C Library (glibc) as a third-party library. This advisory was opened to address the potential impact of that third-party library vulnerability.
Affected Products/Versions
| Product | Severity | Fixed Release Availability |
| --- | --- | --- |
| Oxygen Feedback v4.0 and older | Low | N/A |
Detail
CVE-2023-4911
Severity: High
CVSS Score: 7.8
The glibc version bundled with the Oxygen XML products is one of the affected versions named in the CVE-2023-4911 description. The CVSS 3.1 score of 7.8 (vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) reflects a local privilege escalation: an attacker must already have a foothold on the host and be able to execute a SUID binary with a crafted GLIBC_TUNABLES variable. Oxygen Feedback's design incorporates security measures that significantly reduce the exploitation risk of this vulnerability. For these reasons, we rated it Low for this product.
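Because distributions backport the glibc fix without bumping the major version, a version string alone does not tell you whether the loader on a host or in a container image is still affected. The following script is an added example, not part of the advisory or of the Oxygen products; it runs the probe circulated with the public disclosure (a duplicated "name=name=value" tunable plus a large padding variable) against a setuid binary and reports the verdict. It assumes POSIX sh with env, printf and id, and a setuid /usr/bin/su unless another setuid binary is passed as the first argument.

```shell
#!/bin/sh
# Added example, not part of the advisory or the Oxygen products.
# Reports whether the host's glibc dynamic loader still mishandles a
# duplicated "name=name=value" GLIBC_TUNABLES entry (CVE-2023-4911).
# It runs the probe circulated with the public disclosure: launch a setuid
# binary with the crafted tunable plus a large second variable, so that on
# an unpatched ld.so the overflow crashes the process instead of silently
# corrupting memory. Assumptions: POSIX sh, env, printf, id, and a setuid
# /usr/bin/su (a different setuid binary may be passed as $1).

check_looney_tunables() {
    bin="${1:-/usr/bin/su}"

    # The overflow is only reachable when the loader runs in secure mode
    # (AT_SECURE), i.e. a setuid binary started by a non-root user. Any
    # other setup makes the probe meaningless, so report "unknown".
    if [ ! -x "$bin" ] || [ ! -u "$bin" ] || [ "$(id -u)" -eq 0 ]; then
        echo unknown
        return 0
    fi

    # 8192 hex digits of padding; only its length matters (heap layout).
    pad=$(printf '%08192x' 1)

    # Run inside 'if' so a crash does not abort callers using 'set -e'.
    if env -i "GLIBC_TUNABLES=glibc.malloc.mxfast=glibc.malloc.mxfast=A" \
              "Z=$pad" "$bin" --help >/dev/null 2>&1; then
        rc=0
    else
        rc=$?
    fi

    # 139 = 128 + SIGSEGV: ld.so crashed while parsing the tunable.
    # 0: the loader survived the malformed entry and the binary printed its help.
    case "$rc" in
        139) echo vulnerable ;;
        0)   echo patched ;;
        *)   echo unknown ;;
    esac
}

check_looney_tunables "$@"
```

Run it as an unprivileged user on the host. A result of "unknown" is common inside container images, where the shell is root or su carries no setuid bit; in that case fall back to comparing the image's glibc package version against the distribution's fixed package rather than the upstream release number.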