The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
References
Configurations
History
07 Nov 2023, 02:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2014-10-06 23:55
Updated : 2023-12-10 11:31
NVD link : CVE-2014-4043
Mitre link : CVE-2014-4043
CVE.ORG link : CVE-2014-4043
JSON object : View
Products Affected
opensuse
- opensuse
gnu
- glibc
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')