{
  "version": "1",
  "package": [
    {
      "name": "cross-localedef-native",
      "layer": "meta",
      "version": "2.39+git",
      "products": [
        {
          "product": "cross-localedef",
          "cvesInRecord": "No"
        }
      ],
      "issue": [
        {
          "id": "CVE-2023-4911",
          "summary": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.",
          "scorev2": "0.0",
          "scorev3": "7.8",
          "vector": "LOCAL",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-4911",
          "detail": "fixed-version",
          "description": "Fixed in stable branch updates"
        }
      ]
    }
  ]
}