CVE-2005-3590Improper Restriction of Operations within the Bounds of a Memory Buffer in Glibc

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow7 documents7 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 37.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Glibc
Timeline
PublishedApr 10
Latest updateMay 1

Description

The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDgnu/glibc< 2.3.5
Debiangnu/glibc< 2.3.5-3+3

Patches

Patch: sourceware.orgPatch: sourceware.org

🔴Vulnerability Details

3
GHSA
GHSA-xhm3-9gcc-42h6: The getgrouplist function in the GNU C library (glibc) before version 22022-05-01
OSV
CVE-2005-3590: The getgrouplist function in the GNU C library (glibc) before version 22019-04-10
CVEList
CVE-2005-3590: The getgrouplist function in the GNU C library (glibc) before version 22019-04-10

📋Vendor Advisories

2
Red Hat
glibc: buffer overflow in getgrouplist function leading to corrupted memory2019-04-10
Debian
CVE-2005-3590: glibc - The getgrouplist function in the GNU C library (glibc) before version 2.3.5, whe...2005

💬Community

1
Bugzilla
CVE-2005-3590 glibc: buffer overflow in getgrouplist function leading to corrupted memory2019-05-03
CVE-2005-3590 — GNU Glibc vulnerability | cvebase