Unrated severity · NVD Advisory · Published Jan 22, 2023 · Updated Apr 2, 2025
CVE-2023-24056
Description
In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.
Affected products
11 (osv-coords: 9 versions)
- pkg:apk/chainguard/pkgconf (no CPE), range: < 1.9.4-r0
- pkg:apk/chainguard/pkgconf-dev (no CPE), range: < 1.9.4-r0
- pkg:apk/chainguard/pkgconf-doc (no CPE), range: < 1.9.4-r0
- pkg:apk/wolfi/pkgconf (no CPE), range: < 1.9.4-r0
- pkg:apk/wolfi/pkgconf-dev (no CPE), range: < 1.9.4-r0
- pkg:apk/wolfi/pkgconf-doc (no CPE), range: < 1.9.4-r0
- pkg:rpm/opensuse/pkgconf&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 1.5.3-bp153.2.3.1
- pkg:rpm/opensuse/pkgconf&distro=openSUSE%20Leap%2015.4 (no CPE), range: < 1.8.0-150400.3.3.1
- pkg:rpm/suse/pkgconf&distro=SUSE%20Package%20Hub%2015%20SP3 (no CPE), range: < 1.5.3-bp153.2.3.1