I. Basic Information for CVE-2023-4911
Vulnerability Information

Vulnerability Title
Glibc: buffer overflow in ld.so leading to privilege escalation
Source: NVD (National Vulnerability Database)
Vulnerability Description
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Heap-based buffer overflow
Source: NVD (National Vulnerability Database)
Vulnerability Title
glibc buffer error vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
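glibc (GNU C Library) is the C standard library implemented by the GNU Project. glibc contains a buffer error vulnerability, which stems from a buffer overflow in the dynamic loader ld.so.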
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 | 0:2.28-225.el8_8.6 ~ * | cpe:/a:redhat:enterprise_linux:8::appstream |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | 0:2.28-189.6.el8_6 ~ * | cpe:/o:redhat:rhel_eus:8.6::baseos |
| Red Hat | Red Hat Enterprise Linux 9 | 0:2.34-60.el9_2.7 ~ * | cpe:/a:redhat:enterprise_linux:9::appstream |
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support | 0:2.34-28.el9_0.4 ~ * | cpe:/a:redhat:rhel_eus:9.0::appstream |
| Red Hat | Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | 0:2.28-189.6.el8_6 ~ * | cpe:/o:redhat:rhel_eus:8.6::baseos |
| Red Hat | Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | 0:4.5.3-10.el8ev ~ * | cpe:/o:redhat:rhev_hypervisor:4.4::el8 |
| Red Hat | Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | 0:4.5.3-202312060823_8.6 ~ * | cpe:/o:redhat:rhev_hypervisor:4.4::el8 |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 |
II. Public POCs for CVE-2023-4911
| # | POC Description | Source Link |
|---|---|---|
| 1 | https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt | https://github.com/Green-Avocado/CVE-2023-4911 |
| 2 | PoC for CVE-2023-4911 | https://github.com/leesh3288/CVE-2023-4911 |
| 3 | CVE-2023-4911 proof of concept | https://github.com/RickdeJager/CVE-2023-4911 |
| 4 | None | https://github.com/xiaoQ1z/CVE-2023-4911 |
| 5 | CVE-2023-4911 | https://github.com/silent6trinity/looney-tuneables |
| 6 | None | https://github.com/hadrian3689/looney-tunables-CVE-2023-4911 |
| 7 | CVE-2023-4911 | https://github.com/ruycr4ft/CVE-2023-4911 |
| 8 | PoC for CVE-2023-4911 LooneyTuneables | https://github.com/guffre/CVE-2023-4911 |
| 9 | Exploit tool for CVE-2023-4911, targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions. | https://github.com/chaudharyarjun/LooneyPwner |
| 10 | Looney Tunables Local privilege escalation (CVE-2023-4911) workshop | https://github.com/KernelKrise/CVE-2023-4911 |
| 11 | Proof of concept for CVE-2023-4911 (Looney Tunables) discovered by Qualys Threat Research Unit | https://github.com/Diego-AltF4/CVE-2023-4911 |
| 12 | Looney Tunables CVE-2023-4911 | https://github.com/teraGL/looneyCVE |
| 13 | PoC of CVE-2023-4911 | https://github.com/snurkeburk/Looney-Tunables |
| 14 | None | https://github.com/puckiestyle/CVE-2023-4911 |
| 15 | None | https://github.com/yanfernandess/Looney-Tunables-CVE-2023-4911 |
| 16 | Repository containing a Proof of Concept (PoC) demonstrating the impact of CVE-2023-4911, a vulnerability in glibc's ld.so dynamic loader, exposing risks related to Looney Tunables. | https://github.com/NishanthAnand21/CVE-2023-4911-PoC |
| 17 | PoC for CVE-2023-4911 | https://github.com/xem6/CVE-2023-4911 |
| 18 | CVE-2023-4911-Looney-Tunables | https://github.com/Billar42/CVE-2023-4911 |
| 19 | None | https://github.com/dungNHVhust/CVE-2023-4911 |
| 20 | CVE-2023-4911 exploit | https://github.com/shacojx/CVE-2023-4911-Exploit |
| 21 | None | https://github.com/KillReal01/CVE-2023-4911 |
| 22 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2023/CVE-2023-4911.yaml |
| 23 | None | https://github.com/RRespxwnss/Looney-Tunables-CVE-2023-4911 |