Skip to content

leesh3288/CVE-2023-4911

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
Makefile
init
October 4, 2023 23:12
README.md
init
October 4, 2023 23:12
exp.c
remove unused kv2 array
October 4, 2023 23:16
gen_libc.py
init
October 4, 2023 23:12

README.md

PoC of CVE-2023-4911 "Looney Tunables"

This is a PoC of CVE-2023-4911 (a.k.a. "Looney Tunables") exploiting a bug in glibc dynamic loader's GLIBC_TUNABLES environment variable parsing function parse_tunables().

Code has been tested on Ubuntu 22.04.3 with glibc version 2.35-0ubuntu3.3. No attempts have been made to generalize the PoC (read: "Works On My Machine"), so your mileage may vary.

As always, big kudos to the Qualys Threat Research Unit for the discovery of the vulnerability and for the very detailed writeup.

Written by Xion of KAIST Hacking Lab

About

PoC for CVE-2023-4911

Resources

Readme
Activity

Stars

356 stars

Watchers

5 watching

Forks

55 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages