CVE-2003-0689
published 2003-10-20CVE-2003-0689: The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glibc | < glibc 2.2.5 (bookworm) | glibc 2.2.5 (bookworm) |
| gnu | glibc | >= 0 < 2.2.5 | 2.2.5 |
| gnu | glibc | >= 0 < 2.2.5 | 2.2.5 |
| gnu | glibc | >= 0 < 2.2.5 | 2.2.5 |
| gnu | glibc | >= 0 < 2.2.5 | 2.2.5 |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH