QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-1000366

Back to search

CVE-2017-1000366

Published: Jun 19, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

VendorProductVersions

n/a

n/a

affected
n/a

References

1038712
vdb-entry
x_refsource_SECTRACK
42275
exploit
x_refsource_EXPLOIT-DB
RHSA-2017:1712
vendor-advisory
x_refsource_REDHAT
RHSA-2017:1479
vendor-advisory
x_refsource_REDHAT
RHSA-2017:1480
vendor-advisory
x_refsource_REDHAT
99127
vdb-entry
x_refsource_BID
42276
exploit
x_refsource_EXPLOIT-DB
RHSA-2017:1567
vendor-advisory
x_refsource_REDHAT
42274
exploit
x_refsource_EXPLOIT-DB
RHSA-2017:1481
vendor-advisory
x_refsource_REDHAT
DSA-3887
vendor-advisory
x_refsource_DEBIAN
GLSA-201706-19
vendor-advisory
x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now