glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
No history.
Information
Published : 2017-06-19 16:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-1000366
Mitre link : CVE-2017-1000366
CVE.ORG link : CVE-2017-1000366
JSON object : View
Products Affected
redhat
- enterprise_linux_server
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- enterprise_linux_desktop
- enterprise_linux_workstation
- enterprise_linux
- enterprise_linux_server_long_life
- enterprise_linux_server_eus
suse
- linux_enterprise_software_development_kit
- linux_enterprise_for_sap
- linux_enterprise_server
- linux_enterprise_server_for_raspberry_pi
novell
- suse_linux_enterprise_desktop
- suse_linux_enterprise_server
- suse_linux_enterprise_point_of_sale
openstack
- cloud_magnum_orchestration
gnu
- glibc
opensuse
- leap
mcafee
- web_gateway
debian
- debian_linux
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer