{
  "document": {
    "aggregate_severity": {
      "text": "Low"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux7els/vex/2023/cve-2023-2602-els_os-oraclelinux7els.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-06-13T01:30:56Z",
      "generator": {
        "date": "2026-06-13T01:30:56Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2023-2602-ELS_OS-ORACLELINUX7ELS",
      "initial_release_date": "2023-06-06T20:15:00Z",
      "revision_history": [
        {
          "date": "2023-06-06T20:15:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-13T01:30:56Z",
          "number": "2",
          "summary": "Official Publication"
        }
      ],
      "status": "final",
      "version": "2"
    },
    "title": "Security update on CVE-2023-2602"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Linux 7",
                "product": {
                  "name": "Oracle Linux 7",
                  "product_id": "Oracle-Linux-7",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Oracle Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcap-0:2.22-11.el7.i686",
                "product": {
                  "name": "libcap-0:2.22-11.el7.i686",
                  "product_id": "libcap-0:2.22-11.el7.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/oracle/libcap@2.22-11.el7?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcap-devel-0:2.22-11.el7.i686",
                "product": {
                  "name": "libcap-devel-0:2.22-11.el7.i686",
                  "product_id": "libcap-devel-0:2.22-11.el7.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/oracle/libcap-devel@2.22-11.el7?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcap-0:2.22-11.el7.x86_64",
                "product": {
                  "name": "libcap-0:2.22-11.el7.x86_64",
                  "product_id": "libcap-0:2.22-11.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/oracle/libcap@2.22-11.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcap-devel-0:2.22-11.el7.x86_64",
                "product": {
                  "name": "libcap-devel-0:2.22-11.el7.x86_64",
                  "product_id": "libcap-devel-0:2.22-11.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/oracle/libcap-devel@2.22-11.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Oracle Corporation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcap-0:2.22-11.el7.tuxcare.els2.i686",
                "product": {
                  "name": "libcap-0:2.22-11.el7.tuxcare.els2.i686",
                  "product_id": "libcap-0:2.22-11.el7.tuxcare.els2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libcap@2.22-11.el7.tuxcare.els2?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcap-devel-0:2.22-11.el7.tuxcare.els2.i686",
                "product": {
                  "name": "libcap-devel-0:2.22-11.el7.tuxcare.els2.i686",
                  "product_id": "libcap-devel-0:2.22-11.el7.tuxcare.els2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libcap-devel@2.22-11.el7.tuxcare.els2?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcap-0:2.22-11.el7.tuxcare.els2.x86_64",
                "product": {
                  "name": "libcap-0:2.22-11.el7.tuxcare.els2.x86_64",
                  "product_id": "libcap-0:2.22-11.el7.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libcap@2.22-11.el7.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcap-devel-0:2.22-11.el7.tuxcare.els2.x86_64",
                "product": {
                  "name": "libcap-devel-0:2.22-11.el7.tuxcare.els2.x86_64",
                  "product_id": "libcap-devel-0:2.22-11.el7.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libcap-devel@2.22-11.el7.tuxcare.els2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcap-0:2.22-11.el7.tuxcare.els2.i686 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:libcap-0:2.22-11.el7.tuxcare.els2.i686"
        },
        "product_reference": "libcap-0:2.22-11.el7.tuxcare.els2.i686",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcap-0:2.22-11.el7.i686 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:libcap-0:2.22-11.el7.i686"
        },
        "product_reference": "libcap-0:2.22-11.el7.i686",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcap-0:2.22-11.el7.tuxcare.els2.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:libcap-0:2.22-11.el7.tuxcare.els2.x86_64"
        },
        "product_reference": "libcap-0:2.22-11.el7.tuxcare.els2.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcap-0:2.22-11.el7.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:libcap-0:2.22-11.el7.x86_64"
        },
        "product_reference": "libcap-0:2.22-11.el7.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcap-devel-0:2.22-11.el7.tuxcare.els2.i686 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:libcap-devel-0:2.22-11.el7.tuxcare.els2.i686"
        },
        "product_reference": "libcap-devel-0:2.22-11.el7.tuxcare.els2.i686",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcap-devel-0:2.22-11.el7.i686 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:libcap-devel-0:2.22-11.el7.i686"
        },
        "product_reference": "libcap-devel-0:2.22-11.el7.i686",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcap-devel-0:2.22-11.el7.tuxcare.els2.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:libcap-devel-0:2.22-11.el7.tuxcare.els2.x86_64"
        },
        "product_reference": "libcap-devel-0:2.22-11.el7.tuxcare.els2.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcap-devel-0:2.22-11.el7.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:libcap-devel-0:2.22-11.el7.x86_64"
        },
        "product_reference": "libcap-devel-0:2.22-11.el7.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-2602",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to cause __real_pthread_create() to return an error, which can exhaust the process memory.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "known_affected": [
          "Oracle-Linux-7:libcap-0:2.22-11.el7.i686",
          "Oracle-Linux-7:libcap-0:2.22-11.el7.tuxcare.els2.i686",
          "Oracle-Linux-7:libcap-0:2.22-11.el7.tuxcare.els2.x86_64",
          "Oracle-Linux-7:libcap-0:2.22-11.el7.x86_64",
          "Oracle-Linux-7:libcap-devel-0:2.22-11.el7.i686",
          "Oracle-Linux-7:libcap-devel-0:2.22-11.el7.tuxcare.els2.i686",
          "Oracle-Linux-7:libcap-devel-0:2.22-11.el7.tuxcare.els2.x86_64",
          "Oracle-Linux-7:libcap-devel-0:2.22-11.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-2602"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2209114",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209114"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/"
        },
        {
          "category": "external",
          "summary": "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf",
          "url": "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf"
        }
      ],
      "release_date": "2023-06-06T20:15:00Z",
      "remediations": [
        {
          "category": "no_fix_planned",
          "date": "2026-06-12T13:07:51.179841Z",
          "details": "This is a local-only denial‑of‑service in libcap’s libpsx pthread wrapper: it requires the target program to be explicitly linked so that __wrap_pthread_create replaces pthread_create, and an attacker already executing code must repeatedly force thread‑creation failures to accumulate small per‑call leaks. The impact is limited to availability of the affected process (no confidentiality, integrity, or privilege‑escalation effect). Given these constraints and that it cannot be triggered remotely without prior code execution on the host, it can be safely deprioritized in enterprise VM/server environments.",
          "product_ids": [
            "Oracle-Linux-7:libcap-0:2.22-11.el7.i686",
            "Oracle-Linux-7:libcap-0:2.22-11.el7.tuxcare.els2.i686",
            "Oracle-Linux-7:libcap-0:2.22-11.el7.tuxcare.els2.x86_64",
            "Oracle-Linux-7:libcap-0:2.22-11.el7.x86_64",
            "Oracle-Linux-7:libcap-devel-0:2.22-11.el7.i686",
            "Oracle-Linux-7:libcap-devel-0:2.22-11.el7.tuxcare.els2.i686",
            "Oracle-Linux-7:libcap-devel-0:2.22-11.el7.tuxcare.els2.x86_64",
            "Oracle-Linux-7:libcap-devel-0:2.22-11.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:libcap-0:2.22-11.el7.i686",
            "Oracle-Linux-7:libcap-0:2.22-11.el7.tuxcare.els2.i686",
            "Oracle-Linux-7:libcap-0:2.22-11.el7.tuxcare.els2.x86_64",
            "Oracle-Linux-7:libcap-0:2.22-11.el7.x86_64",
            "Oracle-Linux-7:libcap-devel-0:2.22-11.el7.i686",
            "Oracle-Linux-7:libcap-devel-0:2.22-11.el7.tuxcare.els2.i686",
            "Oracle-Linux-7:libcap-devel-0:2.22-11.el7.tuxcare.els2.x86_64",
            "Oracle-Linux-7:libcap-devel-0:2.22-11.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ]
    }
  ]
}