Do your applications use this vulnerable package?
Test your applications
Overview
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."
References
CVSS Score
5.3
low severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityLow
-
IntegrityNone
-
AvailabilityNone
- CVE
- CVE-2019-1010025
- CWE
- CWE-330
- Snyk ID
- SNYK-DEBIAN9-GLIBC-453579
- Disclosed
- 15 Jul, 2019
- Published
- 24 Jul, 2019