CVE-2014-4043

🗓️ 06 Oct 2014 23:00:00Reported by mitreType

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, allowing use-after-free vulnerabilities

Reporter	Title	Published	Views	Family All 84
Cvelist	CVE-2014-4043	6 Oct 201423:00	–	cvelist
Debian	[SECURITY] [DLA 165-1] eglibc security update	6 Mar 201515:39	–	debian
Debian	[SECURITY] [DSA 3169-1] eglibc security update	23 Feb 201506:08	–	debian
Debian CVE	CVE-2014-4043	6 Oct 201423:00	–	debiancve
Tenable Nessus	Debian DLA-165-1 : eglibc security update	26 Mar 201500:00	–	nessus
Tenable Nessus	Debian DSA-3169-1 : eglibc - security update	24 Feb 201500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : glibc (EulerOS-SA-2019-1667)	27 Jun 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : glibc (EulerOS-SA-2019-1721)	22 Jul 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP3 : glibc (EulerOS-SA-2019-2030)	24 Sep 201900:00	–	nessus
Tenable Nessus	GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST)	9 Mar 201500:00	–	nessus

NVD

Node

gnu glibcRange≤2.19

Node

opensuse opensuseMatch13.1

Source	Link
seclists	www.seclists.org/fulldisclosure/2019/Sep/7
security	www.security.gentoo.org/glsa/201503-04
packetstormsecurity	www.packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/93784
packetstormsecurity	www.packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
sourceware	www.sourceware.org/git/gitweb.cgi
seclists	www.seclists.org/bugtraq/2019/Jun/14
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
seclists	www.seclists.org/bugtraq/2019/Sep/7
sourceware	www.sourceware.org/git/gitweb.cgi

06 May 2026 22:30Current

6.4Medium risk

Vulners AI Score6.4

CVSS 27.5

EPSS0.01643

CWE-94