What is CVE-2023-0687?

A medium-severity vulnerability has been identified in GNU C Library versions prior to 2.38. This buffer overflow vulnerability affects the Call Graph Monitor and requires immediate attention for remediation.

What is the severity of CVE-2023-0687?

CVE-2023-0687 has a severity rating of MEDIUM with a CVSS base score of 4.6.

CVE-2023-0687 | Medium Vulnerability in GNU C Library

A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.

Vulnerability Details

The vulnerability in question pertains to buffer overflow, which is classified under CWE-120. The CVSS score is 4.6, indicating a medium severity level. This score reflects the complexity of exploiting the vulnerability and the potential impacts on the confidentiality, integrity, and availability of the affected systems.

Technical Analysis

The root cause of this vulnerability lies in the buffer overflow condition triggered by the function __monstartup in gmon.c. The attack vector is classified as adjacent network, requiring low privileges, with high attack complexity. User interaction is not required for exploitation. The impacts of a successful attack include low confidentiality, integrity, and availability.

Risk & Impact Analysis

Risk to organizations includes potential unauthorized access to sensitive data and system resources. The blast radius could be significant, especially in environments where the GNU C Library is widely deployed. Organizations should assess their exposure and prioritize patching based on the CVSS score and the criticality of their systems.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions prior to vendor patch are affected, specifically versions of GNU C Library 2.38 and earlier.

Mitigation & Remediation

Organizations should prioritize patching immediately. The recommended patch can be found in the vendor advisory. In cases where a patch cannot be applied, consider implementing network controls to limit exposure and monitoring for suspicious behavior.

Detection Guidance

Monitor logs for unusual access patterns to the gmon component and track system changes post-remediation. Behavioral anomalies may indicate attempts to exploit this vulnerability.

AppSecure Threat Intelligence Insight

This vulnerability highlights the importance of maintaining updated library components. Security teams should engage in penetration testing to identify and remediate similar vulnerabilities in their applications. Additionally, awareness of potential buffer overflow risks should be a priority during development.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-0687: Medium Vulnerability in GNU C Library