CVE-2019-1010023 — Improper Input Validation in Libc Glibc
Severity
5.4 MEDIUM (NVD)
EPSS
0.3%
top 45.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 15
Latest update: May 24
Description
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In the worst case an attacker may elevate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd executes code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5
Affected Packages: 1 package
🔴 Vulnerability Details (3)
GHSA
GHSA-x8wp-c333-hv92: GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file (2022-05-24)
CVEList
CVE-2019-1010023: GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file (2019-07-15)
OSV
CVE-2019-1010023: GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file (2019-07-15)
📋 Vendor Advisories (2)
💬 Community (2)
Bugzilla
CVE-2019-1010023 glibc: running ldd on malicious ELF leads to code execution because of wrong size computation (2019-11-19)
Bugzilla
CVE-2019-1010023 glibc: Re-mapping current loaded library with malicious ELF file leads to execute arbitrary code with elevated privileges [fedora-all] (2019-11-19)