DevGuard Logo

🛡️ DevGuard
Group
/🧩 DevGuard Action
Repository

Overview
Compliance
Artifacts
Code Risks
Dependency Risks
License Risks
Dependencies

CVE-2023-24056

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.

Open
LOW (3.4)
  • logo

    System detected CVE-2023-24056 with a risk of 1.7

    main
  • logo

    System created a ticket for CVE-2023-24056

    main

    Everything after this entry will be synced with the external system. The ticket can be found at https://github.com/l3montree-dev/devguard-action/issues/115

  • S

    Sebastian Kawelke updated the risk assessment from 1.7 to 3.35

    attesting

    Confidentiality Requirement updated: high -> low, Availability Requirement updated: low -> high

  • S

    Sebastian Kawelke updated the risk assessment from 1.7 to 3.35

    0.12.0

    Confidentiality Requirement updated: high -> low, Availability Requirement updated: low -> high

  • logo

    System fixed CVE-2023-24056

    0.12.0
  • logo

    System fixed CVE-2023-24056

    attesting
  • logo

    System detected CVE-2023-24056 with a risk of 3.35

    0.12.0

Add a comment

Mark as False Positive
Last calculated at:

Affected component

debian/pkgconf

Installed version:
1.8.1
Fixed in:
no patch available
Show in dependency graph

Management decisions across the organization

GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 2ab7b793efd72421aea8c3a994ac60202bf1b3a5