Skip to main content

Pkgconf

2 CVEs product

Monthly

CVE-2023-24056 MEDIUM POC PATCH This Month

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Pkgconf
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2018-1000221 CRITICAL Act Now

pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote() that can result in dequote() function returns 1-byte allocation if initial length is 0, leading to buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pkgconf
NVD
CVSS 3.0
9.8
EPSS
1.4%
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Pkgconf
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote() that can result in dequote() function returns 1-byte allocation if initial length is 0, leading to buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pkgconf
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy