Report
CVE-2023-4911 Looney Tunables: Buffer Overflow in glibc parse_tunables() via name=name=val input
4e597814-6109-45e6-9f44-33c02a55d7d4
CVE-2023-4911 "Looney Tunables" is a heap buffer overflow in glibc's dynamic linker (ld.so), reachable through the GLIBC_TUNABLES environment variable. When a setuid/setgid binary is executed with a specially crafted GLIBC_TUNABLES value of the form "NAME=NAME=VAL" (where NAME is a valid SXID_IGNORE tunable), the parse_tunables() function processes the entry twice and writes its canonical form to the output buffer twice. The second write overflows the heap buffer allocated by tunables_strdup(). This allows local privilege escalation to root on all major Linux distros (Fedora 37/38, Ubuntu 22.04/23.04, Debian 12/13).
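
A detection check for the "NAME=NAME=VAL" shape described above, as an added example that is not part of the original report or of glibc. It scans a NUL-separated environment block (the layout of /proc/<pid>/environ) for GLIBC_TUNABLES entries whose value itself begins with a tunable-style name and "=". The name pattern, the function names, the sample blocks and the tunable "glibc.example.name" are assumptions made for illustration.

```python
"""Flag GLIBC_TUNABLES values whose entries have the NAME=NAME=VAL shape."""
import re

# Assumption: tunable names are dotted identifiers such as glibc.malloc.mxfast.
_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_.]*$")


def nested_entries(value: str) -> list[str]:
    """Return the colon-separated entries whose value starts with NAME=."""
    hits = []
    for entry in value.split(":"):
        name, sep, rest = entry.partition("=")
        if not sep or not _NAME.match(name):
            continue  # not a name=value pair at all
        inner, inner_sep, _ = rest.partition("=")
        if inner_sep and _NAME.match(inner):
            hits.append(entry)  # a second assignment hidden in the value
    return hits


def scan_environ(blob: bytes) -> list[str]:
    """Scan a NUL-separated environment block for nested tunable entries."""
    hits = []
    for var in blob.split(b"\0"):
        key, sep, val = var.partition(b"=")
        if sep and key == b"GLIBC_TUNABLES":
            hits.extend(nested_entries(val.decode("utf-8", "replace")))
    return hits


# Constructed sample blocks, not captured from a real system.
# "glibc.example.name" is a hypothetical tunable name.
BENIGN = (b"PATH=/usr/bin\0"
          b"GLIBC_TUNABLES=glibc.malloc.mxfast=128:glibc.malloc.check=1\0")
SUSPECT = (b"PATH=/usr/bin\0"
           b"GLIBC_TUNABLES=glibc.example.name=glibc.example.name=val\0")

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, scan_environ(blob))
```

The same nested_entries() check can be applied to the GLIBC_TUNABLES value taken from exec audit records when the environment is logged there.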