CVE-2016-1234: Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent…

high7.5CVSS 3.0

AVNACLPRNUINSUCNINAH

Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.

Affected

13 ranges

Vendor	Product	Version range	Fixed in
debian	glibc	< glibc 2.22-8 (bookworm)	glibc 2.22-8 (bookworm)
eglibc	eglibc	>= 0 < 2.19-0ubuntu6.10	2.19-0ubuntu6.10
eglibc	eglibc	>= 0 < 2.19-0ubuntu6.11	2.19-0ubuntu6.11
fedoraproject	fedora	—	—
gnu	glibc	< 2.24	2.24
gnu	glibc	>= 0 < 2.22-8	2.22-8
gnu	glibc	>= 0 < 2.22-8	2.22-8
gnu	glibc	>= 0 < 2.22-8	2.22-8
gnu	glibc	>= 0 < 2.22-8	2.22-8
gnu	glibc	>= 0 < 2.23-0ubuntu6	2.23-0ubuntu6
gnu	glibc	>= 0 < 2.23-0ubuntu7	2.23-0ubuntu7
opensuse	leap	—	—
opensuse	opensuse	—	—

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

osv7.5HIGH