GHSA-m77w-6vjw-wh2f · Severity: high — A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the...
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Conclusion & alert: CVE-2023-4911 is rated Critical Active Threat (93.9/100): CVSS High severity, with high exploitation likelihood (EPSS 81.42%, 100th percentile). Core evidence: CISA KEV confirms active exploitation (added 2023-11-21) affecting GNU / GNU C Library. a weakness (CWE-122) Unauthenticated remote administrative access may be possible. EPSS rose +2.82% over the last day, indicating growing attacker interest. Mandatory action: The CISA remediation deadline has passed—treat as an emergency patch priority.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
: GNU C Library Buffer Overflow Vulnerability · CISA KEV detail
: 2023-11-21
: 2023-12-12
: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| 52479 | exploit_db | edb | 2026-02-11 | Exploit-DB ↗ |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-28 | 78.61% | 81.42% | +2.82% |
| 2 | 2026-06-15 | 65.05% | 78.61% | +13.56% |
| 3 | 2026-06-09 | — | 65.05% | — |
Full EPSS history (133 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.8 | 3.1 | HIGH |
|
1.8 | 5.9 | [email protected] |
| 7.8 | 3.1 | HIGH |
|
1.8 | 5.9 | [email protected] |
GHSA-m77w-6vjw-wh2f · Severity: high — A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the...
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
not yet assigned | CVE-2023-4911 not yet assigned priority: Debian including 1 source packages (glibc), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2023-4911 |
gentoo
|
high | CVE-2023-4911: 1 GLSA(s) (202310-03), 1 atom(s) (sys-libs/glibc); latest impact high. | https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2023-4911 |
redhat
|
high | — | https://access.redhat.com/security/cve/CVE-2023-4911 |
suse
|
high | CVE-2023-4911 severity important: SUSE including 514 source package names (compat-libpthread-nonshared-2.28-225.el8_8.6, glibc, …), 855 product×package rows across 51 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 7.1, … (51 product lines)): Fixed 496, Known Not Affected 359. | https://www.suse.com/security/cve/CVE-2023-4911/ |
ubuntu
|
high | CVE-2023-4911 high priority: Ubuntu including 2 source packages (eglibc, glibc), 18 status rows across 9 suites (bionic, focal, jammy, lunar, mantic, noble, trusty, upstream, xenial): DNE 7, not-affected 4, released 4, needs-triage 2, ignored 1. | https://ubuntu.com/security/CVE-2023-4911 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| netapp | bootstrap_os | — | cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:* |
| siemens | simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware | >= 3.1.5 | cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware:*:*:*:*:*:*:*:* |
| siemens | simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmware | >= 3.1.5 | cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmware:*:*:*:*:*:*:*:* |
| siemens | siplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware | >= 3.1.5 | cpe:2.3:o:siemens:siplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware:*:*:*:*:*:*:*:* |
| siemens | simatic_s7-1500_tm_mfp_firmware | < 1.1 | cpe:2.3:o:siemens:simatic_s7-1500_tm_mfp_firmware:*:*:*:*:*:*:*:* |
| gnu | glibc | >= 2.34, < 2.39 | cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* |
| fedoraproject | fedora | 37 | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
| fedoraproject | fedora | 38 | cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
| fedoraproject | fedora | 39 | cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder | 9.0 | cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_eus | 8.6 | cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_eus | 9.2 | cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_eus | 9.4 | cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_eus | 9.6 | cpe:2.3:a:redhat:codeready_linux_builder_eus:9.6:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_for_arm64 | 9.0_aarch64 | cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_for_arm64_eus | 8.6 | cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_for_arm64_eus | 9.2_aarch64 | cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_for_arm64_eus | 9.4_aarch64 | cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_for_arm64_eus | 9.6_aarch64 | cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.6_aarch64:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.0_s390x | cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 8.6 | cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.2_s390x | cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.4_s390x | cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.6_s390x | cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_for_power_little_endian | 9.0_ppc64le | cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 8.6 | cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 9.2_ppc64le | cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 9.4_ppc64le | cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:* |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 9.6_ppc64le | cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:* |
| redhat | virtualization | 4.0 | cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:* |
| redhat | virtualization_host | 4.0 | cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 8.0 | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 9.0 | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux_eus | 8.6 | cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:* |
| redhat | enterprise_linux_eus | 9.2 | cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:* |
| redhat | enterprise_linux_eus | 9.4 | cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:* |
| redhat | enterprise_linux_eus | 9.6 | cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:* |
| redhat | enterprise_linux_for_arm_64 | 9.0_aarch64 | cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:* |
| redhat | enterprise_linux_for_arm_64_eus | 8.6_aarch64 | cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:* |
| redhat | enterprise_linux_for_arm_64_eus | 9.2_aarch64 | cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:* |
| redhat | enterprise_linux_for_arm_64_eus | 9.4_aarch64 | cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:* |
| redhat | enterprise_linux_for_arm_64_eus | 9.6_aarch64 | cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:* |
| redhat | enterprise_linux_for_ibm_z_systems | 9.0_s390x | cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:* |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.2_s390x | cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:* |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.4_s390x | cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:* |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.6_s390x | cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:* |
| redhat | enterprise_linux_for_ibm_z_systems_eus_s390x | 8.6 | cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.6:*:*:*:*:*:*:* |
| redhat | enterprise_linux_for_power_big_endian_eus | 8.6_ppc64le | cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:8.6_ppc64le:*:*:*:*:*:*:* |
| redhat | enterprise_linux_for_power_little_endian | 9.0_ppc64le | cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:* |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.2_ppc64le | cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:* |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.4_ppc64le | cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:* |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.6_ppc64le | cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:* |
| redhat | enterprise_linux_server_aus | 8.6 | cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:* |
| redhat | enterprise_linux_server_aus | 9.2 | cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:* |
| redhat | enterprise_linux_server_aus | 9.4 | cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:* |
| redhat | enterprise_linux_server_aus | 9.6 | cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:* |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.2_ppc64le | cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:* |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.4_ppc64le | cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:* |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.6_ppc64le | cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:*:*:*:*:*:*:* |
| redhat | enterprise_linux_server_tus | 8.6 | cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:* |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.2 | cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:* |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.4 | cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:* |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.6 | cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 22.04 | cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:* |
| canonical | ubuntu_linux | 23.04 | cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:* |
| debian | debian_linux | 11.0 | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
| debian | debian_linux | 12.0 | cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* |
| netapp | h410c_firmware | — | cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* |
| netapp | h300s_firmware | — | cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* |
| netapp | h500s_firmware | — | cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* |
| netapp | h700s_firmware | — | cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* |
| netapp | h410s_firmware | — | cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* |
| netapp | ontap_select_deploy_administration_utility | — | cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* |