CVE-2023-2603

Published: Jun 6, 2023Modified: Dec 2, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.

Affected (6)

Products: Libcap Project: Libcap · Redhat: Enterprise Linux · Fedoraproject: Fedora · +1 more

Show all products

Libcap Project: Libcap · Redhat: Enterprise Linux · Fedoraproject: Fedora · Debian: Debian Linux

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libcap Project Libcap	Before 2.69

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux	Version 9.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 37
Fedoraproject Fedora	Version 38

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0

Related CWEs

CWE-190

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (8)

https://bugzilla.redhat.com/show_bug.cgi?id=2209113

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/

Source: secalert@redhat.com

Broken LinkThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/

Source: secalert@redhat.com

Broken LinkThird Party Advisory

https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf

Source: secalert@redhat.com

ExploitTechnical Description

https://bugzilla.redhat.com/show_bug.cgi?id=2209113

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical Description

Timeline

No history available yet.