CVE-2005-3590
published 2019-04-10CVE-2005-3590: The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glibc | < glibc 2.3.5-3 (bookworm) | glibc 2.3.5-3 (bookworm) |
| gnu | glibc | < 2.3.5 | 2.3.5 |
| gnu | glibc | >= 0 < 2.3.5-3 | 2.3.5-3 |
| gnu | glibc | >= 0 < 2.3.5-3 | 2.3.5-3 |
| gnu | glibc | >= 0 < 2.3.5-3 | 2.3.5-3 |
| gnu | glibc | >= 0 < 2.3.5-3 | 2.3.5-3 |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL