Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/leesh3288/CVE-2023-4911

PoC for CVE-2023-4911
https://github.com/leesh3288/CVE-2023-4911

Last synced: 8 days ago
JSON representation

PoC for CVE-2023-4911

Host: GitHub
URL: https://github.com/leesh3288/CVE-2023-4911
Owner: leesh3288
Created: 2023-10-04T14:12:16.000Z (about 1 year ago)
Default Branch: main
Last Pushed: 2023-10-04T14:16:36.000Z (about 1 year ago)
Last Synced: 2024-08-02T15:07:44.287Z (3 months ago)
Language: C
Size: 1.95 KB
Stars: 378
Watchers: 5
Forks: 59
Open Issues: 1
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # PoC of CVE-2023-4911 "Looney Tunables"

This is a PoC of CVE-2023-4911 (a.k.a. "Looney Tunables") exploiting a bug in glibc dynamic loader's `GLIBC_TUNABLES` environment variable parsing function `parse_tunables()`.

Code has been tested on Ubuntu 22.04.3 with glibc version `2.35-0ubuntu3.3`. No attempts have been made to generalize the PoC (read: "Works On My Machine"), so your mileage may vary.

As always, big kudos to the [Qualys Threat Research Unit](https://www.qualys.com/tru/) for the discovery of the vulnerability and for the [very detailed writeup](https://seclists.org/oss-sec/2023/q4/18).

-----

Written by [Xion](https://twitter.com/0x10n) of [KAIST Hacking Lab](https://kaist-hacking.github.io/)