Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-48958
CVE-2023-48958:
NixOS vulnerability analysis and mitigation
Overview
CVE-2023-48958 is a memory leak vulnerability discovered in GPAC version 2.3-DEV-rev617-g671976fcc-master. The vulnerability specifically affects the gf_mpd_resolve_url function in media_tools/mpd.c at line 4589. The issue was initially reported on November 16, 2023, and was disclosed publicly on December 7, 2023 (GitHub Issue).
Technical details
The vulnerability manifests as a direct memory leak of 50 bytes in a single object allocation. The leak occurs in the strdup function call within gf_mpd_resolve_url, which is called through the gf_dash_resolve_url function in media_tools/dash_client.c. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD).
Impact
The vulnerability can lead to memory leaks in the affected system, potentially causing resource exhaustion and denial of service conditions when exploited (GitHub Gist).
Mitigation and workarounds
The issue has been fixed in newer versions of GPAC. Users are advised to update to the latest version. A specific fix was committed through commit 249c9fc18704e6d3cb6a4b173034a41aa570e7e4 (GitHub Issue).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management