CVE-2023-22652

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files.
This issue affects libeconf: before 0.5.2.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
opensuselibeconf
𝑥
< 0.5.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libeconf
bookworm
ignored
bullseye
no-dsa
sid
0.7.6+dfsg1-1
fixed
trixie
0.7.6+dfsg1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libeconf
bionic
ignored
focal
dne
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
oracular
needs-triage
trusty
ignored
xenial
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libeconf-devel
suse enterprise desktop 15 SP7
0.5.2-150400.3.6.1
fixed
suse enterprise sap 15 SP7
0.5.2-150400.3.6.1
fixed
suse enterprise server 15 SP7
0.5.2-150400.3.6.1
fixed
libeconf0
suse enterprise desktop 15 SP7
0.5.2-150400.3.6.1
fixed
suse enterprise sap 15 SP7
0.5.2-150400.3.6.1
fixed
suse enterprise server 15 SP7
0.5.2-150400.3.6.1
fixed
libeconf0-32bit
suse enterprise desktop 15 SP7
0.5.2-150400.3.6.1
fixed
suse enterprise sap 15 SP7
0.5.2-150400.3.6.1
fixed
suse enterprise server 15 SP7
0.5.2-150400.3.6.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libeconf
RHEL 9
0:0.4.1-3.el9_2
fixed
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22652
https://https://github.com/openSUSE/libeconf/issues/177
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDD5GL5T3V5XZ3VFA4HPE6YGJ2K4HHPC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG5256D5I3GFA3RBAJQ2WYPJDYAIL74/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAYW7X753Z6GOJKVLQPXBDHISN6ZT233/
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22652
https://https://github.com/openSUSE/libeconf/issues/177
https://lists.debian.org/debian-lts-announce/2025/05/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDD5GL5T3V5XZ3VFA4HPE6YGJ2K4HHPC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG5256D5I3GFA3RBAJQ2WYPJDYAIL74/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAYW7X753Z6GOJKVLQPXBDHISN6ZT233/
https://github.com/openSUSE/libeconf/issues/177