CVE-2007-3508
published 2007-07-03
high 7.2 CVSS 3.1
AV:L/AC:L/Au:N/C:C/I:C/A:C
Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glibc | < glibc 2.6-2 (bookworm) | glibc 2.6-2 (bookworm) |
| gentoo | glibc | <= 2.5 | — |
| gnu | glibc | >= 0 < 2.6-2 | 2.6-2 |
| gnu | glibc | >= 0 < 2.6-2 | 2.6-2 |
| gnu | glibc | >= 0 < 2.6-2 | 2.6-2 |
| gnu | glibc | >= 0 < 2.6-2 | 2.6-2 |
CVSS provenance
nvd: 7.2 HIGH, AV:L/AC:L/Au:N/C:C/I:C/A:C
osv: 7.2 HIGH