CVE-2023-4911 - Buffer Overflow

Severity: High

Date: 2024-01-30


Abstract

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

The Oxygen products incorporate GNU C as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

Product                        Severity   Fixed Release Availability
Oxygen Feedback v4.0 and older Low        N/A

Mitigation

None

Detail

CVE-2023-4911

Severity: High

CVSS Score: 7.8

The version of the GNU C Library bundled with Oxygen XML products is among the affected versions listed in the CVE-2023-4911 vulnerability description. The design of the Oxygen Feedback product incorporates security measures that significantly reduce the risk of this vulnerability being exploited. For that reason, we rated this vulnerability as Low for Oxygen Feedback.
