Vulnerability CVE-2017-15670: Information

Description

The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.

Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: Oct. 20, 2017
Modified: June 20, 2018
Error type identifier: CWE-119

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| glibc | sisyphus | 2.25-alt3 | 2.38.0.66.ge1135387de-alt1 | ALT-PU-2017-2516-1 | 191922 | Fixed |
| glibc | sisyphus_e2k | 2.35.0.234.3f63f9dfe1-alt1.E2K.27.020.2 | 2.35.0.234.3f63f9dfe1-alt1.E2K.27.020.4 | ALT-PU-2024-1492-1 | - | Fixed |
| glibc | p10 | 2.25-alt3 | 2.32-alt5.p10.2 | ALT-PU-2017-2516-1 | 191922 | Fixed |
| glibc | p9 | 2.25-alt3 | 2.27-alt14 | ALT-PU-2017-2516-1 | 191922 | Fixed |
| glibc | p8 | 2.23-alt3.M80P.1 | 2.23-alt3.M80P.2 | ALT-PU-2017-2517-1 | 191925 | Fixed |
| glibc | c10f1 | 2.25-alt3 | 2.32-alt5.p10.2 | ALT-PU-2017-2516-1 | 191922 | Fixed |
| glibc | c9f2 | 2.25-alt3 | 2.27-alt14 | ALT-PU-2017-2516-1 | 191922 | Fixed |
| glibc | c7 | 2.17-alt5.M70C.14 | 2.17-alt5.M70C.14 | ALT-PU-2017-2497-1 | 191929 | Fixed |

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
      End including: 2.26