DEBIAN-CVE-2023-4911
PUBLISHED
CVSS 7.8 HIGH
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Risk Scores
CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | glibc | 0, 2.31-13+deb11u5, 2.31-13+deb11u6 |
| Debian:12 | glibc | 0, 2.36-9, 2.36-9 |
| Debian:13 | glibc | 0, 0, 0 |
| Debian:14 | glibc | 0, 0, 0 |
Exploit Intelligence
- Pure C exploit for CVE-2023-4911 (Looney Tunables). No Python required. Features multi-processing brute-forcing, dynamic calibration, and integrated ELF parser. (github-poc-repo)
- Pure C exploit for CVE-2023-4911 (Looney Tunables). No Python required. Features multi-processing brute-forcing, dynamic calibration, and integrated ELF parser. (github-poc)
- Looney Tunables Local privilege escalation (CVE-2023-4911) workshop (github-poc-repo)
- Proof of concept for CVE-2023-4911 (Looney Tunables) discovered by Qualys Threat Research Unit (github-poc-repo)
- Repository containing a Proof of Concept (PoC) demonstrating the impact of CVE-2023-4911, a vulnerability in glibc's ld.so dynamic loader, exposing risks related to Looney Tunables. (github-poc-repo)
- CVE-2023-4911-Looney-Tunables (github-poc-repo)
- KillReal01/CVE-2023-4911 (github-poc-repo)
- Aryan20057/CVE-2023-4911 (github-poc-repo)
- 0xMOGA/CVE-2023-4911-Lab (github-poc-repo)
- 0xMOGA/CVE-2023-4911-Lab (github-poc)
…and 23 more exploits
Timeline
- Oct 3, 2023 CVE Published
- Feb 13, 2025 PoC Published
- Apr 28, 2026 CVE Updated