Buffer Overflow

2022-04-1000:42:29

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

JSON

glibc is vulnerable to buffer overflow. The vulnerability exists due to a memory corruption when the size of the buffer is exactly 1 which allows an attacker to control the input buffer and size passed to getcwd() in a setuid program.

CPENameOperatorVersion
compat-glibceq2.12__4.el7.centos
glibceq2.12__1.166.el6_7.3
glibceq2.28__42.el8.1
glibceq2.17__322.el7_9
glibceq2.12__1.149.el6_6.9
glibceq2.28__158.el8
glibceq2.28__42.el8_0.1
glibceq2.12__1.80.el6
glibceq2.12__1.80.el6_3.5
glibceq2.12__1.212.el6_10.3

Name	Operator	Version
compat-glibc	eq	2.12__4.el7.centos
glibc	eq	2.12__1.166.el6_7.3
glibc	eq	2.28__42.el8.1
glibc	eq	2.17__322.el7_9
glibc	eq	2.12__1.149.el6_6.9
glibc	eq	2.28__158.el8
glibc	eq	2.28__42.el8_0.1
glibc	eq	2.12__1.80.el6
glibc	eq	2.12__1.80.el6_3.5
glibc	eq	2.12__1.212.el6_10.3