CVE-2007-3508Integer Overflow or Wraparound in Glibc

CWE-189CWE-190Integer Overflow or Wraparound7 documents7 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 84.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU GlibcGentoo Glibc
Timeline
PublishedJul 3
Latest updateMay 1

Description

Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

Debiangnu/glibc< 2.6-2+3
NVDgentoo/glibc2.5

🔴Vulnerability Details

3
GHSA
GHSA-r68c-v3gr-w2rh: ** DISPUTED ** Integer overflow in the process_envvars function in elf/rtld2022-05-01
CVEList
CVE-2007-3508: Integer overflow in the process_envvars function in elf/rtld2007-07-03
OSV
CVE-2007-3508: Integer overflow in the process_envvars function in elf/rtld2007-07-03

📋Vendor Advisories

2
Red Hat
Glibc integer overflow2007-07-03
Debian
CVE-2007-3508: glibc - Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2...2007

💬Community

1
Bugzilla
CVE-2007-3508 Glibc integer overflow2007-07-06
CVE-2007-3508 — Integer Overflow or Wraparound in Glibc | cvebase