Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2015-8777

Published: 20/01/2016 Updated: 05/01/2018
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Glibc

Vulnerability Summary

The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) prior to 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.

Vulnerable Product Search on Vulmon Subscribe to Product

gnu glibc

Vendor Advisories

Ubuntu Security Notice: eglibc, glibc vulnerabilities
Several security issues were fixed in the GNU C Library ...
Ubuntu Security Notice: eglibc, glibc regression
USN-2985-1 introduced a regression in the GNU C Library ...
Amazon Linux AMI: ALAS-2017-877
Unbounded stack allocation in catopen functionA stack based buffer overflow vulnerability was found in the catopen() function An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code(CVE-2015-8779) Integer overflow in hcreate and hcreate_rAn integer overflow vulnerability was found in hcrea ...

References

CWE-254https://sourceware.org/bugzilla/show_bug.cgi?id=18928http://hmarco.org/bugs/glibc_ptr_mangle_weakness.htmlhttp://www.openwall.com/lists/oss-security/2016/01/20/1http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.htmlhttp://www.ubuntu.com/usn/USN-2985-2http://www.ubuntu.com/usn/USN-2985-1http://www.securityfocus.com/bid/81469http://www.debian.org/security/2016/dsa-3480http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.htmlhttp://www.securitytracker.com/id/1034811https://security.gentoo.org/glsa/201702-11https://access.redhat.com/errata/RHSA-2017:1916https://nvd.nist.govhttps://usn.ubuntu.com/2985-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook