PoC of CVE-2023-4911 "Looney Tunables"

This is a PoC of CVE-2023-4911 (a.k.a. "Looney Tunables") exploiting a bug in glibc dynamic loader's GLIBC_TUNABLES environment variable parsing function parse_tunables().

Code has been tested on Ubuntu 22.04.3 with glibc version 2.35-0ubuntu3.3. No attempts have been made to generalize the PoC (read: "Works On My Machine"), so your mileage may vary.

As always, big kudos to the Qualys Threat Research Unit for the discovery of the vulnerability and for the very detailed writeup.

Written by Xion of KAIST Hacking Lab

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
Makefile		Makefile
README.md		README.md
exp.c		exp.c
gen_libc.py		gen_libc.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Makefile

Makefile

README.md

README.md

exp.c

exp.c

gen_libc.py

gen_libc.py

Repository files navigation

PoC of CVE-2023-4911 "Looney Tunables"

About

Releases

Packages

Languages

leesh3288/CVE-2023-4911

Folders and files

Latest commit

History

Repository files navigation

PoC of CVE-2023-4911 "Looney Tunables"

About

Resources

Stars

Watchers

Forks

Languages