#VU76757 Memory leak in libcap


Published: 2023-06-01

Vulnerability identifier: #VU76757

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2602

CWE-ID: CWE-401

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libcap
Other software / Other software solutions

Vendor:

Description
The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the error handling in the __wrap_pthread_create() function. A remote attacker can send a specially crafted request, exploit vulnerability to exhaust the process memory and cause a denial of service condition.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://www.ibm.com/support/pages/node/6999699

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Custom Metrics Autoscaler Operator for Red Hat OpenShift
Multiple vulnerabilities in Netcool Operations Insight
Multiple vulnerabilities in Service Telemetry Framework 1.5
Multiple vulnerabilities in IBM App Connect Enterprise Certified Container
Multiple vulnerabilities in IBM Cloud Pak for Network Automation
Multiple vulnerabilities in IBM Robotic Process Automation for Cloud Pak
Multiple vulnerabilities in OpenShift Virtualization 4.12
Multiple vulnerabilities in IBM Operational Decision Manager
Multiple vulnerabilities in Red Hat OpenShift Pipelines 1.10
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.12