Описание
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | vulnerable code not present |
| cosmic | ignored | end of life |
| devel | not-affected | vulnerable code not present |
| disco | not-affected | vulnerable code not present |
| eoan | not-affected | vulnerable code not present |
| esm-apps/bionic | not-affected | vulnerable code not present |
| esm-apps/xenial | not-affected | vulnerable code not present |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needs-triage] |
| precise/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | released | 2.19-0ubuntu6.14 |
| precise/esm | not-affected | 2.15-0ubuntu10.21 |
| trusty | released | 2.19-0ubuntu6.14 |
| trusty/esm | released | 2.19-0ubuntu6.14 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 2.26-0ubuntu2.1 |
| bionic | not-affected | 2.26-0ubuntu2.1 |
| cosmic | not-affected | 2.26-0ubuntu2.1 |
| devel | not-affected | 2.26-0ubuntu2.1 |
| disco | not-affected | 2.26-0ubuntu2.1 |
| eoan | not-affected | 2.26-0ubuntu2.1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 2.26-0ubuntu2.1 |
| esm-infra/xenial | released | 2.23-0ubuntu10 |
| precise/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1.1.19-1 |
| cosmic | not-affected | 1.1.19-1 |
| devel | not-affected | 1.1.19-1 |
| disco | not-affected | 1.1.19-1 |
| eoan | not-affected | 1.1.19-1 |
| esm-apps/bionic | not-affected | 1.1.19-1 |
| esm-apps/xenial | released | 1.1.9-1ubuntu0.1~esm2 |
| esm-infra-legacy/trusty | released | 0.9.15-1ubuntu0.1~esm1 |
| precise/esm | DNE |
Показывать по
Ссылки на источники
EPSS
7.2 High
CVSS2
7.8 High
CVSS3
Связанные уязвимости
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
In glibc 2.26 and earlier there is confusion in the usage of getcwd() ...
EPSS
7.2 High
CVSS2
7.8 High
CVSS3