CVE-2023-25139

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-787
View all →

Vulnerability Description

sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.

Related Vulnerabilities

CVE-2007-0899

CRITICAL
CVSS:9.8(Critical)

There is a possible heap overflow in libclamav/fsg.c before 0.100.0.

CWE-7872007

CVE-2010-4344

CRITICAL
CVSS:9.8(Critical)

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conju...

CWE-7872010

CVE-2011-1180

CRITICAL
CVSS:9.8(Critical)

Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory...

CWE-7872011

CVE-2011-2462

CRITICAL
CVSS:9.8(Critical)

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute ar...

CWE-7872011

CVE-2011-4372

CRITICAL
CVSS:9.8(Critical)

Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors,...

CWE-7872011