CVSS2: 6.9 Medium

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.0004 Low (Percentile: 9.3%)

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.
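
An audit for the condition described above, as an added example that is not part of the original advisory: it flags setuid or setgid executables whose RPATH or RUNPATH contains $ORIGIN by parsing `readelf -d` output. The function names and the sample output are constructed for illustration; it assumes GNU binutils `readelf` is installed, and it inspects only the program itself, not the libraries it references.

```python
import os
import re
import stat
import subprocess
import sys

# Constructed sample of `readelf -d` output (not taken from a real binary).
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libdemo.so.1]
 0x000000000000000f (RPATH)              Library rpath: [/opt/demo/lib:$ORIGIN/plugins]
 0x000000000000001d (RUNPATH)            Library runpath: [${ORIGIN}/../lib]
"""

_PATH_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")


def origin_entries(readelf_output):
    """Return (tag, directory) for each RPATH/RUNPATH directory using $ORIGIN."""
    hits = []
    for line in readelf_output.splitlines():
        m = _PATH_RE.search(line)
        if m:
            tag, value = m.groups()
            hits += [(tag, d) for d in value.split(":")
                     if "$ORIGIN" in d or "${ORIGIN}" in d]
    return hits


def is_privileged(mode):
    """True for a regular file with the setuid or setgid bit set."""
    return stat.S_ISREG(mode) and bool(mode & (stat.S_ISUID | stat.S_ISGID))


def audit(path):
    """Return $ORIGIN search-path entries of a setuid/setgid ELF file, else []."""
    if not is_privileged(os.lstat(path).st_mode):
        return []
    proc = subprocess.run(["readelf", "-d", path], capture_output=True, text=True)
    return origin_entries(proc.stdout)


if __name__ == "__main__":
    # Each command-line argument is a directory tree to scan.
    for root in sys.argv[1:]:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                full = os.path.join(dirpath, name)
                for tag, directory in audit(full):
                    print(f"{full}: {tag} contains {directory}")
```
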
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | glibc | < 2.36-9+deb12u4 | glibc_2.36-9+deb12u4_all.deb |
Debian | 11 | all | glibc | < 2.31-13+deb11u8 | glibc_2.31-13+deb11u8_all.deb |
Debian | 10 | all | glibc | < 2.28-10+deb10u1 | glibc_2.28-10+deb10u1_all.deb |
Debian | 999 | all | glibc | < 2.37-18 | glibc_2.37-18_all.deb |
Debian | 13 | all | glibc | < 2.37-18 | glibc_2.37-18_all.deb |