Описание
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
Ссылки
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
- ExploitMailing ListThird Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
- ExploitMailing ListThird Party Advisory
Уязвимые конфигурации
Одно из
Одно из
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
EPSS
7.8 High
CVSS3
Дефекты
Связанные уязвимости
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
A flaw was found in glibc. An off-by-one buffer overflow and underflow ...
EPSS
7.8 High
CVSS3