Описание
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.
A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.
Отчет
To exploit this issue, an attacker needs to find an application linked to the glibc library that is using the wordexp function with the flags WRDE_REUSE and WRDE_APPEND. Also, calls to wordexp using both flags never worked correctly and thus the existence of applications that make use of this feature is unlikely. There is no known application vulnerable to this issue. Furthermore, this flaw will result in a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a low severity.
Меры по смягчению последствий
To mitigate this issue, consider refactoring the use of the wordexp function to not use the WRDE_REUSE and WRDE_APPEND flags together.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | glibc | Affected | ||
| Red Hat Enterprise Linux 6 | compat-glibc | Fix deferred | ||
| Red Hat Enterprise Linux 6 | glibc | Fix deferred | ||
| Red Hat Enterprise Linux 7 | compat-glibc | Fix deferred | ||
| Red Hat Enterprise Linux 7 | glibc | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred | ||
| Red Hat Enterprise Linux 8 | glibc | Fixed | RHSA-2026:4772 | 17.03.2026 |
| Red Hat Enterprise Linux 8 | glibc | Fixed | RHSA-2026:4772 | 17.03.2026 |
| Red Hat Enterprise Linux 9 | glibc | Fixed | RHSA-2026:2786 | 17.02.2026 |
| Red Hat Enterprise Linux 9 | glibc | Fixed | RHSA-2026:2786 | 17.02.2026 |
Показывать по
Дополнительная информация
Статус:
5.9 Medium
CVSS3
Связанные уязвимости
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.
wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the ...
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.
5.9 Medium
CVSS3