Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-30079

A stack overflow vulnerability exists in function read_file in atlibeconf/lib/getfilecontents.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code.

CVE
#vulnerability#dos

#ifdef HAVE_CONFIG_H # include #endif #include #include #include “libeconf.h” /* Test case: Open default login.defs from shadow and try out if we can read all entries */ int main(int argc, char *argv[]) { econf_file *key_file = NULL; char **keys; size_t key_number; char *val; econf_err error; if ((error = econf_readFile (&key_file, argv[1], "= \t", “#”))) { fprintf (stderr, "ERROR: couldn’t read configuration file: %s\n", econf_errString(error)); return 1; } if ((error = econf_getStringValue (key_file, NULL, "USERGROUPS_ENAB", &val))) { fprintf (stderr, "Error reading USERGROUPS_ENAB: %s\n", econf_errString(error)); return 1; } else if (strlen(val) == 0) { fprintf (stderr, “USERGROUPS_ENAB returns nothing!\n”); return 1; } else if (strcmp (val, “yes”) != 0) { fprintf (stderr, "USERGROUPS_ENAB returns wrong value: '%s’\n", val); return 1; } free (val); if ((error = econf_getStringValue (key_file, NULL, "ENV_SUPATH", &val))) { fprintf (stderr, "Error reading ENV_SUPATH: %s\n", econf_errString(error)); return 1; } else if (strlen(val) == 0) { fprintf (stderr, “ENV_SUPATH returns nothing!\n”); return 1; } else if (strcmp (val, “PATH=/sbin:/bin:/usr/sbin:/usr/bin”) != 0) { fprintf (stderr, "ENV_SUPATH returns wrong value: '%s’\n", val); return 1; } free (val); if ((error = econf_getStringValue (key_file, "", "UMASK", &val))) { fprintf (stderr, "Error reading UMASK: %s\n", econf_errString(error)); return 1; } else if (strlen(val) == 0) { fprintf (stderr, “UMASK returns nothing!\n”); return 1; } else if (strcmp (val, “022”) != 0) { fprintf (stderr, "UMASK returns wrong value: '%s’\n", val); return 1; } free (val); error = econf_getKeys(key_file, NULL, &key_number, &keys); if (error) { fprintf (stderr, "Error getting all keys: %s\n", econf_errString(error)); return 1; } if (key_number == 0) { fprintf (stderr, “No keys found?\n”); return 1; } for (size_t i = 0; i < key_number; i++) { printf ("%zu: %s\n", i, keys[i]); } econf_free (keys); econf_free (key_file); return 0; }

Related news

Red Hat Security Advisory 2023-5458-01

Red Hat Security Advisory 2023-5458-01 - Libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it.

RHSA-2023:5458: Red Hat Security Advisory: libeconf security update

An update for libeconf is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30079: A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow that results in a denial of service.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907