CVE-2017-15804
published 2017-10-22

Critical, 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | glibc | < glibc 2.25-3 (bookworm) | glibc 2.25-3 (bookworm) |
| eglibc | eglibc | >= 0 < 2.19-0ubuntu6.14 | 2.19-0ubuntu6.14 |
| gnu | glibc | <= 2.26 | |
| gnu | glibc | >= 0 < 2.25-3 | 2.25-3 |
| gnu | glibc | >= 0 < 2.25-3 | 2.25-3 |
| gnu | glibc | >= 0 < 2.25-3 | 2.25-3 |
| gnu | glibc | >= 0 < 2.25-3 | 2.25-3 |
| gnu | glibc | >= 0 < 2.23-0ubuntu10 | 2.23-0ubuntu10 |

CVSS provenance

nvd, v3.0: 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL