LAYER: meta PACKAGE NAME: cross-localedef-native PACKAGE VERSION: 2.39+git CVE: CVE-2023-4911 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Fixed in stable branch updates CVE SUMMARY: A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4911