CVE-2023-24056

Published: Jan 22, 2023

Modified: Apr 2, 2025

PUBLISHED

Description

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://nullprogram.com/blog/2023/01/18/

https://gitea.treehouse.systems/ariadne/pkgconf/commit/628b2b2bafa5d3a2017193ddf375093e70666059

https://github.com/pkgconf/pkgconf/tags

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-24056

Description

Affected Products

References