CVE-2023-22652

LOW

Opensuse Libeconf < 0.5.2 - Buffer Overflow

Title source: rule

Description

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2.

References (7)

[Issue Tracking, Vendor Advisory] https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22652

[Broken Link] https://https://github.com/openSUSE/libeconf/issues/177

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/SDD5GL5T3V5XZ3VFA4HPE6YGJ2K4HHPC/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/YAYW7X753Z6GOJKVLQPXBDHISN6ZT233/

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/05/msg00016.html

[Issue Tracking] https://github.com/openSUSE/libeconf/issues/177

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/SMG5256D5I3GFA3RBAJQ2WYPJDYAIL74/

Scores

CVSS v3 3.3

EPSS 0.0008

EPSS Percentile 22.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Classification

CWE

CWE-120

Status published

Affected Products (1)

opensuse/libeconf < 0.5.2

Timeline

Published Jun 01, 2023

Tracked Since Feb 18, 2026