glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
No history.
Information
Published : 2017-06-19 16:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-1000366
Mitre link : CVE-2017-1000366
CVE.ORG link : CVE-2017-1000366
JSON object : View
Products Affected
redhat
- enterprise_linux
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_server_eus
- enterprise_linux_desktop
- enterprise_linux_server_long_life
- enterprise_linux_server_tus
- enterprise_linux_workstation
openstack
- cloud_magnum_orchestration
suse
- linux_enterprise_server_for_raspberry_pi
- linux_enterprise_software_development_kit
- linux_enterprise_for_sap
- linux_enterprise_server
novell
- suse_linux_enterprise_desktop
- suse_linux_enterprise_server
- suse_linux_enterprise_point_of_sale
opensuse
- leap
gnu
- glibc
mcafee
- web_gateway
debian
- debian_linux
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer