Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-1000409Classic Buffer Overflow in Glibc

CWE-120Classic Buffer OverflowCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents9 sources
Severity
7.0HIGHNVD
CNA7.8OSV7.8
EPSS
0.9%
top 24.55%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
GNU Glibc
Timeline
PublishedFeb 1
Latest updateMay 14

Description

A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

Debiangnu/glibc< 2.25-5+3
NVDgnu/glibc2.5

🔴Vulnerability Details

4
GHSA
GHSA-6rpv-6r2m-9c95: A buffer overflow in glibc 22022-05-14
CVEList
CVE-2017-1000409: A buffer overflow in glibc 22018-02-01
OSV
CVE-2017-1000409: A buffer overflow in glibc 22018-02-01
OSV
eglibc, glibc vulnerabilities2018-01-17

💥Exploits & PoCs

1
Exploit-DB
GNU C Library Dynamic Loader glibc ld.so - Memory Leak / Buffer Overflow2017-12-13

📋Vendor Advisories

3
Ubuntu
GNU C Library vulnerabilities2018-01-17
Red Hat
glibc: Buffer overflow triggerable via LD_LIBRARY_PATH2017-12-11
Debian
CVE-2017-1000409: glibc - A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be trigg...2017

💬Community

2
Bugzilla
CVE-2017-1000408 CVE-2017-1000409 glibc: various flaws [fedora-all]2017-12-12
Bugzilla
CVE-2017-1000409 glibc: Buffer overflow triggerable via LD_LIBRARY_PATH2017-12-06
CVE-2017-1000409 — Classic Buffer Overflow in GNU Glibc | cvebase