CVE-2015-8777Glibc vulnerability

CWE-2549 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 81.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Glibc
Timeline
PublishedJan 20
Latest updateMay 14

Description

The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debiangnu/glibc< 2.21-1+3
NVDgnu/glibc2.22

🔴Vulnerability Details

3
GHSA
GHSA-2gq8-953m-fqr3: The process_envvars function in elf/rtld2022-05-14
OSV
CVE-2015-8777: The process_envvars function in elf/rtld2016-01-20
CVEList
CVE-2015-8777: The process_envvars function in elf/rtld2016-01-20

📋Vendor Advisories

3
Ubuntu
GNU C Library vulnerabilities2016-05-25
Red Hat
glibc: LD_POINTER_GUARD in the environment is not sanitized2015-09-05
Debian
CVE-2015-8777: glibc - The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or li...2015

💬Community

2
Bugzilla
CVE-2015-8777 glibc: LD_POINTER_GUARD in the environment is not sanitized [fedora-all]2015-09-07
Bugzilla
CVE-2015-8777 glibc: LD_POINTER_GUARD in the environment is not sanitized2015-09-07
CVE-2015-8777 — GNU Glibc vulnerability | cvebase