CVE-2023-5156

7.5 HIGH

📋 TL;DR

CVE-2023-5156 is a memory leak vulnerability in the GNU C Library (glibc) introduced by a previous fix for CVE-2023-4806. This flaw can cause applications to crash due to memory exhaustion, affecting any system using vulnerable glibc versions. All applications linked against glibc are potentially impacted.

💻 Affected Systems

Products:
  • GNU C Library (glibc)
Versions: glibc versions containing the fix for CVE-2023-4806 but before the fix for CVE-2023-5156 (specifically versions with commit ec6b95c3303c700eb89eebeda2d7264cc184a796 but before the subsequent fix)
Operating Systems: Linux distributions using affected glibc versions
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability was introduced by a security fix, making systems that patched CVE-2023-4806 vulnerable until they also patch CVE-2023-5156.

📦 What is this software?

glibc by GNU

The GNU C Library (glibc) is the core C library for Linux systems, providing essential system calls and basic functions for all C programs. It is a fundamental component that nearly every Linux application depends on.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Denial of service through application crashes, potentially affecting critical system services and leading to system instability or downtime.

🟠 Likely Case

Intermittent application crashes under specific conditions, particularly in applications that trigger the affected code path frequently.

🟢 If Mitigated

Minimal impact with proper monitoring and restart mechanisms in place for affected applications.

🌐 Internet-Facing: MEDIUM - Web servers and internet-facing applications could crash, causing service disruption.
🏢 Internal Only: MEDIUM - Internal applications and services could experience crashes affecting business operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: No
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM - Requires triggering specific conditions in applications using glibc

Exploitation requires applications to trigger the memory leak repeatedly, leading to resource exhaustion over time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: glibc versions with the fix for CVE-2023-5156 (after commit addressing the memory leak)

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2023-5156

Restart Required: Yes

Instructions:

1. Update the glibc package using your distribution's package manager.
2. For Red Hat/CentOS/Fedora: 'sudo yum update glibc'
3. For Debian/Ubuntu: 'sudo apt update && sudo apt upgrade libc6'
4. Restart affected applications or reboot the system.

🔧 Temporary Workarounds

Monitor and restart applications (platform: Linux)

Implement monitoring for memory usage and automatically restart applications that show abnormal memory growth.

🧯 If You Can't Patch

  • Implement application monitoring with alerts for memory leaks
  • Schedule regular application restarts to clear accumulated memory
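The monitor-and-restart workaround above, as an added example that is not part of this advisory: a POSIX shell watchdog that samples a systemd service's resident memory (VmRSS from /proc) and restarts the unit when growth over its first sample exceeds a limit. The unit name, limit and polling interval are assumptions to be replaced for your environment.

```shell
#!/bin/sh
# Added example, not part of the advisory: a minimal resident-memory watchdog
# for the "monitor and restart" workaround. It samples a systemd service's
# VmRSS from /proc and restarts the unit when growth over the first sample
# exceeds a limit. Unit name, limit and interval are assumptions.

# Print VmRSS (kB) from a /proc/<pid>/status file. Takes the file path so it
# can be exercised against a constructed status file as well.
rss_kb() {
    awk '/^VmRSS:/ { print $2; exit }' "$1"
}

# True (exit 0) when current minus baseline exceeds the limit, all in kB.
growth_exceeds() {
    baseline_kb=$1; current_kb=$2; allowed_kb=$3
    [ $((current_kb - baseline_kb)) -gt "$allowed_kb" ]
}

# Poll a systemd unit's main process every INTERVAL seconds; restart it and
# re-baseline when RSS has grown by more than LIMIT_KB since the baseline.
# Usage: watch_unit <unit> <limit_kb> <interval_s>
watch_unit() {
    unit=$1; limit_kb=$2; interval=$3
    baseline=""
    while :; do
        pid=$(systemctl show -p MainPID --value "$unit")
        if [ -z "$pid" ] || [ "$pid" = 0 ]; then
            echo "$unit has no main process" >&2; sleep "$interval"; continue
        fi
        current=$(rss_kb "/proc/$pid/status" 2>/dev/null)
        if [ -z "$current" ]; then
            baseline=""; sleep "$interval"; continue   # process went away
        fi
        [ -n "$baseline" ] || baseline=$current         # first sample
        if growth_exceeds "$baseline" "$current" "$limit_kb"; then
            echo "$unit (pid $pid) RSS ${baseline} kB -> ${current} kB, restarting" >&2
            systemctl restart "$unit"
            baseline=""                                 # re-baseline after restart
        fi
        sleep "$interval"
    done
}

# Run only when invoked as a script with --watch, so sourcing has no side effects.
case "${1:-}" in
    --watch) shift; watch_unit "$@" ;;
esac
```

Run it as `sh watchdog.sh --watch myservice.service 51200 30` to restart the unit once its RSS has grown by more than 50 MB since it was first sampled.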

🔍 How to Verify

Check if Vulnerable:

Check the glibc version with 'ldd --version' and compare it against the vendor advisories to determine whether the build contains the problematic commit but not the follow-up fix.

Check Version:

ldd --version | head -1

Verify Fix Applied:

Verify that glibc has been updated to a version containing the CVE-2023-5156 fix: 'rpm -q glibc' (RHEL) or 'dpkg -l libc6' (Debian/Ubuntu)

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with out-of-memory errors
  • Increased memory usage in application logs
  • System logs showing process termination due to memory exhaustion

Network Indicators:

  • Service unavailability
  • Increased latency or timeouts from affected applications

SIEM Query:

source="application_logs" AND ("out of memory" OR "memory leak" OR "segmentation fault")
