Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-0687

MEDIUM
Published 2023-02-06T00:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-0687. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
4.6
/10
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.001
probability
of exploitation in the wild

There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.162
Higher than 16.2% of all CVEs

Attack Vector Metrics

Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
LOW
Integrity
LOW
Availability
LOW

Description

A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

GNU

C Library

Affected Versions:

2.38

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-5r4p-4pqv-gqhw

Advisory Details

A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability.

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-0687
WEB https://patchwork.sourceware.org/project/glibc/patch/20230204114138.5436-1-leo%40yuriev.ru
WEB https://patchwork.sourceware.org/project/glibc/patch/[email protected]
WEB https://sourceware.org/bugzilla/show_bug.cgi?id=29444
WEB https://vuldb.com/?ctiid.220246
WEB https://vuldb.com/?id.220246

Advisory provided by GitHub Security Advisory Database. Published: February 6, 2023, Modified: February 14, 2024

References

https://vuldb.com/?id.220246
https://vuldb.com/?ctiid.220246
https://sourceware.org/bugzilla/show_bug.cgi?id=29444
https://patchwork.sourceware.org/project/glibc/patch/20230204114138.5436-1-leo%40yuriev.ru/
Published: 2023-02-06T00:00:00
Last Modified: 2024-11-25T15:41:37.840Z
Copied to clipboard!