QwikSec

Security Database

CVE

CWE

Training

CVE-2019-19126

Published: Nov 19, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://sourceware.org/bugzilla/show_bug.cgi?id=25204

FEDORA-2020-1a3bdfde17

vendor-advisory

FEDORA-2020-c32e4b271c

vendor-advisory

vendor-advisory

[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.