
CVE-2023-0687

CVE Details

Visit the official vulnerability details page for CVE-2023-0687 to learn more.

Initial Publication

01/27/2025

Last Update

02/21/2025

Third Party Dependency

glibc

NIST CVE Summary

A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.

CVE Severity

9.8

Our Official Summary

This CVE identifies a potential buffer overflow vulnerability in the GNU C Library's __monstartup function within gmon.c. However, its exploitability is disputed due to the requirement of trusted inputs and specific conditions. Upstream maintainers have disputed the CVE's validity, and several distributions, including Ubuntu, have marked it as not affecting their systems.

The risk for our products is low. An upstream fix, once available for the third-party images, will be adopted.

Status

Ongoing

Affected Products & Versions

| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.6.7 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.6.6 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.22 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.21 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.20 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |

Revision History

| Date | Revision |
|---|---|
| 02/21/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22, 4.6.6 to 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7 |
| 02/17/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22 to 4.5.20, 4.5.21, 4.5.22, 4.6.6 |
| 02/14/2025 | Status changed from Open to Ongoing |
| 02/14/2025 | Official summary added |
| 02/14/2025 | Impacted versions changed from 4.5.20, 4.5.21 to 4.5.20, 4.5.21, 4.5.22 |
| 02/05/2025 | Impacted versions changed from 4.5.20 to 4.5.20, 4.5.21 |