CVE-2023-2602

LOW

libcap - Memory Corruption

Title source: llm

Description

A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.

References (4)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2209114

[Exploit, Technical Description] https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/

Scores

CVSS v3 3.3

EPSS 0.0001

EPSS Percentile 3.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-401

Status published

Affected Products (10)

libcap_project/libcap

redhat/enterprise_linux

debian/debian_linux

fedoraproject/fedora

Timeline

Published Jun 06, 2023

Tracked Since Feb 18, 2026