Published: 22/10/2017 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The glob function in glob.c in the GNU C Library (aka glibc or libc6) prior to 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu glibc

Synopsis Moderate: glibc security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for glibc is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base s ...

Synopsis Moderate: glibc security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for glibc is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...

Several security issues were fixed in the GNU C library ...

Debian Bug report logs - #879501 CVE-2017-15670 Package: libc6; Maintainer for libc6 is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Source for libc6 is src:glibc (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 22 Oct 2017 10:51:02 UTC Severity: important Tags: fixed-upstre ...

Debian Bug report logs - #879955 glibc: CVE-2017-15804 Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 27 Oct 2017 16:09:02 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Fo ...

Debian Bug report logs - #879500 CVE-2017-15671 Package: libc6; Maintainer for libc6 is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Source for libc6 is src:glibc (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 22 Oct 2017 10:45:06 UTC Severity: important Tags: fixed-upstre ...

stdlib/canonicalizec in the GNU C Library (aka glibc or libc6) 227 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution(CVE-2018-11236) The GNU C Library (aka glibc or lib ...

Fragmentation attacks possible when EDNS0 is enabledThe DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 226, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation(CVE-2017-12132) Buffer overflow in glob with GLOB_TI ...

The glob function in globc in the GNU C Library (aka glibc or libc6) before 227 contains a buffer overflow during unescaping of user names with the ~ operator ...

Frequently Asked Questions

Frequently Asked Questions As stewards of the official images and maintainers of many images ourselves, we often see a lot of questions that surface repeatedly This repository is an attempt to gather some of those and provide some answers! Table of Contents Frequently Asked Questions Table of Contents General Questions What do you mean by "Official"? An image

CWE-119 https://sourceware.org/bugzilla/show_bug.cgi?id=22332 http://www.securityfocus.com/bid/101535 https://access.redhat.com/errata/RHSA-2018:0805 https://access.redhat.com/errata/RHSA-2018:1879 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=a159b53fa059947cc2548e3b0d5bdcf7b9630ba8 https://access.redhat.com/errata/RHSA-2018:1879 https://nvd.nist.gov https://usn.ubuntu.com/3534-1/

CVE-2017-15804

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect