Description
A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
Problem types
Missing Release of Memory after Effective Lifetime
Product status
Timeline
| 2023-09-25: | Reported to Red Hat. |
| 2023-09-25: | Made public. |
Credits
Red Hat would like to thank Romain Geissler for reporting this issue.
References
www.openwall.com/lists/oss-security/2023/10/03/4
www.openwall.com/lists/oss-security/2023/10/03/5
www.openwall.com/lists/oss-security/2023/10/03/6
www.openwall.com/lists/oss-security/2023/10/03/8
access.redhat.com/security/cve/CVE-2023-5156
bugzilla.redhat.com/show_bug.cgi?id=2240541 (RHBZ#2240541)
security.gentoo.org/glsa/202402-01
sourceware.org/bugzilla/show_bug.cgi?id=30884
sourceware.org/...h=ec6b95c3303c700eb89eebeda2d7264cc184a796
access.redhat.com/security/cve/CVE-2023-5156
bugzilla.redhat.com/show_bug.cgi?id=2240541 (RHBZ#2240541)
sourceware.org/bugzilla/show_bug.cgi?id=30884
sourceware.org/...h=ec6b95c3303c700eb89eebeda2d7264cc184a796
