CVE-2023-5156

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-5156

Severity

7.5

High

CVSS CVSS_V3

Description

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

References

https://images.chainguard.dev/security/CGA-vg2w-38fx-mjjj
https://github.com/advisories/GHSA-m7p3-g2hx-xfc3
https://access.redhat.com/security/cve/CVE-2023-5156
https://security.gentoo.org/glsa/202402-01
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebeda2d7264cc184a796
https://bugzilla.redhat.com/show_bug.cgi?id=2240541
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
http://www.openwall.com/lists/oss-security/2023/10/03/4
http://www.openwall.com/lists/oss-security/2023/10/03/5
http://www.openwall.com/lists/oss-security/2023/10/03/6
http://www.openwall.com/lists/oss-security/2023/10/03/8
https://security-tracker.debian.org/tracker/CVE-2023-5156

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

CVE-2023-5156

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources