
11 matches found

Redos
added 2026/05/05 12:0 a.m., 3 views

ROS-20260505-73-0080

A vulnerability in the wordexp function of the glibc system library involves the use of an uninitialized resource. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...

CVSS 7.5, AI score 7.2, EPSS 0.00286
Exploits: 0

CVE
added 2026/01/20 1:22 p.m., 56 views

CVE-2025-15281

CVE-2025-15281 concerns the GNU C Library (glibc). The issue arises when wordexp is used with WRDE_REUSE together with WRDE_APPEND, which can cause we_wordv to be returned with uninitialized memory. On subsequent wordfree calls this memory state may trigger a process abort. The CVE is reflected i...

CVSS 7.5, AI score 5.3, EPSS 0.00286
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2025/08/10 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-35942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The wordexp function in the GNU C Library aka glibc through 2.33 may crash or read arbitrary memory in parseparam in posix/wordexp.c when called with an...

CVSS 9.1, AI score 7.3, EPSS 0.02678
Exploits: 0, References: 2

BDU FSTEC
added 2024/12/02 12:0 a.m., 2 views

The vulnerability of the wordexp() function in the tinygltf library, a programming language, allows attackers to execute arbitrary code.

The vulnerability of the wordexp function in the tinygltf programming language library is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted commands...

CVSS 10, AI score 8.1, EPSS 0.02809
Exploits: 1, References: 5, Affected Software: 2

OSV
added 2022/09/05 9:15 a.m., 2 views

DEBIAN-CVE-2022-3008

The tinygltf library uses the C library function wordexp to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. W...

CVSS 8.8, AI score 8, EPSS 0.02809
Exploits: 1, References: 1

BDU FSTEC
added 2021/07/13 12:0 a.m., 1 view

The vulnerability of the wordexp() function in the library that handles system calls and core glibc functions allows a hacker to read arbitrary files.

The vulnerability of the wordexp function in the library, which handles system calls and core glibc functions, is caused by a numerical overflow. Exploiting this vulnerability could allow an attacker to read arbitrary files...

CVSS 6.7, AI score 6.9, EPSS 0.02678
Exploits: 0, References: 14, Affected Software: 6

RedHat Linux
added 2016/12/06 11:6 a.m., 3 views

sudo: noexec bypass via wordexp()

It was discovered that the sudo noexec restriction could have been bypassed if an application run via sudo executed the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to execute...

CVSS 7.8, AI score 7.4, EPSS 0.00497
Exploits: 0, References: 5

RedHat Linux
added 2014/12/18 8:31 p.m., 1 view

glibc: command execution in wordexp() with WRDE_NOCMD specified

It was found that the wordexp function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp function, and not sanitizing the input correctly, could potentially use this flaw to execut...

CVSS 4.6, AI score 7.6, EPSS 0.00578
Exploits: 0, References: 4

Debian
added 2014/11/29 6:51 p.m., 36 views

[SECURITY] [DLA 97-1] eglibc security update

Package : eglibc Version : 2.11.3-4+deb6u2 CVE ID : CVE-2012-6656 CVE-2014-6040 CVE-2014-7817 CVE-2012-6656 Fix validation check when converting from ibm930 to utf. When converting IBM930 code with iconv, if IBM930 code which includes invalid multibyte character "0xffff" is specified, then iconv...

CVSS 5, AI score 8, EPSS 0.06564
Exploits: 2

Mageia
added 2014/11/26 5:29 p.m., 34 views

Updated glibc packages fix CVE-2014-7817

The function wordexp fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of "$... " where "..." can be anything valid. The backticks in the arithmetic expression are evaluated in a shell even if WRDE_NOCMD forbade command substitution. This allows an attack...

CVSS 4.6, AI score 8.8, EPSS 0.00578
Exploits: 0, References: 2

OSV
added 2014/11/24 12:0 a.m., 1 view

UBUNTU-CVE-2014-7817

The wordexp function in GNU C Library aka glibc 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$..."...

CVSS 4.6, AI score 7.4, EPSS 0.00578
Exploits: 0, References: 4