CVE-2017-1000409
published 2018-02-01CVE-2017-1000409: A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many…
high7CVSS 3.0
AVLACHPRLUINSUCHIHAH
EXPLOIT
A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glibc | < glibc 2.25-5 (bookworm) | glibc 2.25-5 (bookworm) |
| eglibc | eglibc | >= 0 < 2.19-0ubuntu6.14 | 2.19-0ubuntu6.14 |
| gnu | glibc | — | — |
| gnu | glibc | >= 0 < 2.25-5 | 2.25-5 |
| gnu | glibc | >= 0 < 2.25-5 | 2.25-5 |
| gnu | glibc | >= 0 < 2.25-5 | 2.25-5 |
| gnu | glibc | >= 0 < 2.25-5 | 2.25-5 |
| gnu | glibc | >= 0 < 2.23-0ubuntu10 | 2.23-0ubuntu10 |
CVSS provenance
nvdv3.07.0HIGHCVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH