The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/101517 | |
| https://sourceware.org/bugzilla/show_bug.cgi?id=22325 | Issue Tracking Patch Third Party Advisory |
| http://www.securityfocus.com/bid/101517 | |
| https://sourceware.org/bugzilla/show_bug.cgi?id=22325 | Issue Tracking Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 03:14
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.securityfocus.com/bid/101517 - | |
| References | () https://sourceware.org/bugzilla/show_bug.cgi?id=22325 - Issue Tracking, Patch, Third Party Advisory |
Information
Published : 2017-10-20 17:29
Updated : 2024-11-21 03:14
NVD link : CVE-2017-15671
Mitre link : CVE-2017-15671
CVE.ORG link : CVE-2017-15671
JSON object : View
Products Affected
gnu
- glibc
CWE
CWE-772
Missing Release of Resource after Effective Lifetime