CVE-2014-0475 — Path Traversal in Glibc

CWE-22 — Path Traversal11 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

0.6%

top 30.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc Eglibc

Timeline

PublishedJul 29

Latest updateMay 17

Description

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶Debiangnu/glibc< 2.19-6+3

▶Ubuntueglibc/eglibc< 2.19-0ubuntu6.3

▶NVDgnu/glibc2.19+28

🔴Vulnerability Details

GHSA

GHSA-5rvh-fh5r-rhfv: Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2↗2022-05-17

▶

OSV

eglibc vulnerability↗2014-08-29

▶

OSV

eglibc vulnerabilities↗2014-08-04

▶

CVEList

CVE-2014-0475: Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2↗2014-07-29

▶

OSV

CVE-2014-0475: Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2↗2014-07-29

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2014-08-04

▶

Red Hat

glibc: directory traversal in LC_* locale handling↗2014-07-09

▶

Debian

CVE-2014-0475: glibc - Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc...↗2014

▶

💬Community

Bugzilla

CVE-2014-0475 glibc: directory traversal in LC_* locale handling [fedora-all]↗2014-07-11

▶

Bugzilla

CVE-2014-0475 glibc: directory traversal in LC_* locale handling↗2014-05-28

▶