CVE-2023-24056

MEDIUM

pkgconf < 1.9.3 - Out-of-bounds Write via Tuple Parsing

Title source: llm
STIX 2.1

Description

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.

References (3)

Core 3

Scores

CVSS v3 5.5
EPSS 0.0052
EPSS Percentile 40.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (1)
pkgconf/pkgconf < 1.9.3
Published Jan 22, 2023
Tracked Since Feb 18, 2026