Описание
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | released | 2.19-0ubuntu6.15+esm3 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.27-3ubuntu1.5 |
| devel | not-affected | 2.35-0ubuntu1 |
| esm-infra/bionic | released | 2.27-3ubuntu1.5 |
| esm-infra/focal | released | 2.31-0ubuntu9.7 |
| esm-infra/xenial | released | 2.23-0ubuntu11.3+esm1 |
| focal | released | 2.31-0ubuntu9.7 |
| hirsute | ignored | end of life |
| impish | released | 2.34-0ubuntu3.2 |
| jammy | not-affected | 2.35-0ubuntu1 |
| kinetic | not-affected | 2.35-0ubuntu1 |
Показывать по
EPSS
7.8 High
CVSS3
Связанные уязвимости
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
A flaw was found in glibc. An off-by-one buffer overflow and underflow ...
EPSS
7.8 High
CVSS3