CVE-2023-5156

NameCVE-2023-5156
DescriptionA flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1053002

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
glibc (PTS)bullseye2.31-13+deb11u11fixed
bullseye (security)2.31-13+deb11u10fixed
bookworm2.36-9+deb12u9fixed
bookworm (security)2.36-9+deb12u7fixed
sid, trixie2.40-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
glibcsourcebuster(not affected)
glibcsourcebullseye(not affected)
glibcsourcebookworm(not affected)
glibcsource(unstable)2.37-111053002

Notes

[bookworm] - glibc <not-affected> (Fix for CVE-2023-4806 not applied alone in released version)
[bullseye] - glibc <not-affected> (Fix for CVE-2023-4806 not applied alone in released version)
[buster] - glibc <not-affected> (Fix for CVE-2023-4806 not applied alone in released version)
https://bugzilla.redhat.com/show_bug.cgi?id=2240541
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ec6b95c3303c700eb89eebeda2d7264cc184a796
https://sourceware.org/pipermail/libc-alpha/2023-September/151691.html
https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0005

Search for package or bug name: Reporting problems