Vulnerability Details CVE-2023-2603
A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.8%
CVSS Severity
CVSS v3 Score 7.8
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2209113
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/
- https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf
- https://bugzilla.redhat.com/show_bug.cgi?id=2209113
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/
- https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf
Products affected by CVE-2023-2603
-
cpe:2.3:a:libcap_project:libcap:2.00
-
cpe:2.3:a:libcap_project:libcap:2.01
-
cpe:2.3:a:libcap_project:libcap:2.02
-
cpe:2.3:a:libcap_project:libcap:2.04
-
cpe:2.3:a:libcap_project:libcap:2.05
-
cpe:2.3:a:libcap_project:libcap:2.06
-
cpe:2.3:a:libcap_project:libcap:2.07
-
cpe:2.3:a:libcap_project:libcap:2.08
-
cpe:2.3:a:libcap_project:libcap:2.09
-
cpe:2.3:a:libcap_project:libcap:2.10
-
cpe:2.3:a:libcap_project:libcap:2.11
-
cpe:2.3:a:libcap_project:libcap:2.12
-
cpe:2.3:a:libcap_project:libcap:2.13
-
cpe:2.3:a:libcap_project:libcap:2.14
-
cpe:2.3:a:libcap_project:libcap:2.15
-
cpe:2.3:a:libcap_project:libcap:2.16
-
cpe:2.3:a:libcap_project:libcap:2.17
-
cpe:2.3:a:libcap_project:libcap:2.18
-
cpe:2.3:a:libcap_project:libcap:2.19
-
cpe:2.3:a:libcap_project:libcap:2.20
-
cpe:2.3:a:libcap_project:libcap:2.21
-
cpe:2.3:a:libcap_project:libcap:2.22
-
cpe:2.3:a:libcap_project:libcap:2.23
-
cpe:2.3:a:libcap_project:libcap:2.24
-
cpe:2.3:a:libcap_project:libcap:2.25
-
cpe:2.3:a:libcap_project:libcap:2.26
-
cpe:2.3:a:libcap_project:libcap:2.27
-
cpe:2.3:a:libcap_project:libcap:2.28
-
cpe:2.3:a:libcap_project:libcap:2.29
-
cpe:2.3:a:libcap_project:libcap:2.30
-
cpe:2.3:a:libcap_project:libcap:2.31
-
cpe:2.3:a:libcap_project:libcap:2.32
-
cpe:2.3:a:libcap_project:libcap:2.33
-
cpe:2.3:a:libcap_project:libcap:2.34
-
cpe:2.3:a:libcap_project:libcap:2.35
-
cpe:2.3:a:libcap_project:libcap:2.36
-
cpe:2.3:a:libcap_project:libcap:2.37
-
cpe:2.3:a:libcap_project:libcap:2.38
-
cpe:2.3:a:libcap_project:libcap:2.39
-
cpe:2.3:a:libcap_project:libcap:2.40
-
cpe:2.3:a:libcap_project:libcap:2.41
-
cpe:2.3:a:libcap_project:libcap:2.42
-
cpe:2.3:a:libcap_project:libcap:2.43
-
cpe:2.3:a:libcap_project:libcap:2.44
-
cpe:2.3:a:libcap_project:libcap:2.45
-
cpe:2.3:a:libcap_project:libcap:2.46
-
cpe:2.3:a:libcap_project:libcap:2.47
-
cpe:2.3:a:libcap_project:libcap:2.48
-
cpe:2.3:a:libcap_project:libcap:2.49
-
cpe:2.3:a:libcap_project:libcap:2.50
-
cpe:2.3:a:libcap_project:libcap:2.51
-
cpe:2.3:a:libcap_project:libcap:2.52
-
cpe:2.3:a:libcap_project:libcap:2.53
-
cpe:2.3:a:libcap_project:libcap:2.54
-
cpe:2.3:a:libcap_project:libcap:2.55
-
cpe:2.3:a:libcap_project:libcap:2.56
-
cpe:2.3:a:libcap_project:libcap:2.57
-
cpe:2.3:a:libcap_project:libcap:2.58
-
cpe:2.3:a:libcap_project:libcap:2.59
-
cpe:2.3:a:libcap_project:libcap:2.60
-
cpe:2.3:a:libcap_project:libcap:2.61
-
cpe:2.3:a:libcap_project:libcap:2.62
-
cpe:2.3:a:libcap_project:libcap:2.63
-
cpe:2.3:a:libcap_project:libcap:2.64
-
cpe:2.3:a:libcap_project:libcap:2.65
-
cpe:2.3:a:libcap_project:libcap:2.66
-
cpe:2.3:a:libcap_project:libcap:2.67
-
cpe:2.3:a:libcap_project:libcap:2.68
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:fedoraproject:fedora:37
-
cpe:2.3:o:fedoraproject:fedora:38
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux:9.0