QwikSec

Security Database

CVE

CWE

Training

CVE-2010-0830

Published: Jun 1, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_MANDRIVA

vendor-advisory

x_refsource_GENTOO

vdb-entry

x_refsource_VUPEN

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

SUSE-SA:2010:052

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_BID

http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html

x_refsource_MISC

http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=db07e962b6ea963dbb345439f6ab9b0cf74d87c5

x_refsource_CONFIRM

http://frugalware.org/security/662

x_refsource_CONFIRM

vendor-advisory

x_refsource_MANDRIVA

vendor-advisory

x_refsource_DEBIAN

glibc-elf-code-execution(58915)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.