CVE-2023-4911

CVE Database · CVE-2023-4911

CVE-2023-4911

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

78.61%

Published

Oct 3, 2023

Modified

May 12, 2026

CISA Known Exploited Vulnerability

Added: 2023-11-21 · Due: 2023-12-12

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (10)

All weaponized →

Exploit-DBglibc 2.38 - Buffer Overflow TrickestTrickest PoC index GitHub PoCleesh3288/CVE-2023-4911★392 GitHub PoCRickdeJager/CVE-2023-4911★167 GitHub PoCchaudharyarjun/LooneyPwner★42 GitHub PoChadrian3689/looney-tunables-CVE-2023-4911★29 GitHub PoCruycr4ft/CVE-2023-4911★18 GitHub PoCKernelKrise/CVE-2023-4911★17 GitHub PoCGreen-Avocado/CVE-2023-4911★15 GitHub PoCDiego-AltF4/CVE-2023-4911★9

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-122CWE-787

Affected Products (83)

netapp · bootstrap_osvulnerable

netapp · hci_compute_node

siemens · simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwarevulnerable

siemens · simatic_s7-1500_cpu_1518-4_pn\/dp_mfp

siemens · simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmwarevulnerable

siemens · simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp

siemens · siplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwarevulnerable