Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2017-15671

Published: 20/10/2017 Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Glibc

Vulnerability Summary

The glob function in glob.c in the GNU C Library (aka glibc or libc6) prior to 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).

Vulnerable Product Search on Vulmon Subscribe to Product

gnu glibc

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2017-15670
Debian Bug report logs - #879501 CVE-2017-15670 Package: libc6; Maintainer for libc6 is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Source for libc6 is src:glibc (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 22 Oct 2017 10:51:02 UTC Severity: important Tags: fixed-upstre ...
Debian CVElist Bug Report Logs: glibc: CVE-2017-15804
Debian Bug report logs - #879955 glibc: CVE-2017-15804 Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 27 Oct 2017 16:09:02 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Fo ...
Debian CVElist Bug Report Logs: CVE-2017-15671
Debian Bug report logs - #879500 CVE-2017-15671 Package: libc6; Maintainer for libc6 is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Source for libc6 is src:glibc (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 22 Oct 2017 10:45:06 UTC Severity: important Tags: fixed-upstre ...
Red Hat: CVE-2017-15671
The glob function in globc in the GNU C Library (aka glibc or libc6) before 227, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak) ...
Arch Linux Issues:
The glob function in globc in the GNU C Library (aka glibc or libc6) before 227, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak) ...

References

CWE-772https://sourceware.org/bugzilla/show_bug.cgi?id=22325http://www.securityfocus.com/bid/101517https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879501
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook