Out-of-Bounds in glibc

Do your applications use this vulnerable package? Test your applications

Overview

A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.

References

Debian Security Tracker
Exploit DB
Netapp Security Advisory
Oss-Sec Mailing List
Ubuntu CVE Tracker

Attack Vector

Local
Attack Complexity

High
Privileges Required

Low
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2017-1000409
CWE: CWE-119
Snyk ID: SNYK-DEBIAN9-GLIBC-356506
Disclosed: 01 Feb, 2018
Published: 01 Feb, 2018

Out-of-Bounds
Affecting glibc package, versions <2.24-11+deb9u4

Overview

References

CVSS Score

Out-of-Bounds Affecting glibc package, versions <2.24-11+deb9u4

Overview

References

Out-of-Bounds
Affecting glibc package, versions <2.24-11+deb9u4