CVE-2010-3192Sensitive Information Exposure in Glibc

CWE-200Sensitive Information Exposure6 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
0.8%
top 26.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Glibc
Timeline
PublishedOct 14
Latest updateMay 13

Description

Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) imp

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgnu/glibc< 2.26

🔴Vulnerability Details

3
GHSA
GHSA-388x-h72v-g58j: Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow con2022-05-13
OSV
CVE-2010-3192: Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow con2010-10-14
CVEList
CVE-2010-3192: Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow con2010-10-12

📋Vendor Advisories

1
Red Hat
glibc: __fortify_fail may use corrupted memory when called from SSP callback2010-04-27

💬Community

1
Bugzilla
CVE-2010-3192 glibc: __fortify_fail may use corrupted memory when called from SSP callback2010-10-15
CVE-2010-3192 — Sensitive Information Exposure in Glibc | cvebase