CVE-2017-1000408
published 2018-02-01CVE-2017-1000408: A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many…
high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EXPLOIT
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glibc | < glibc 2.25-5 (bookworm) | glibc 2.25-5 (bookworm) |
| eglibc | eglibc | >= 0 < 2.19-0ubuntu6.14 | 2.19-0ubuntu6.14 |
| gnu | glibc | — | — |
| gnu | glibc | >= 0 < 2.25-5 | 2.25-5 |
| gnu | glibc | >= 0 < 2.25-5 | 2.25-5 |
| gnu | glibc | >= 0 < 2.25-5 | 2.25-5 |
| gnu | glibc | >= 0 < 2.25-5 | 2.25-5 |
| gnu | glibc | >= 0 < 2.23-0ubuntu10 | 2.23-0ubuntu10 |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH