Note:
This project will be discontinued after December 13, 2021. [more]
2018-05-18
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
Products | Glibc, Data_ontap_edge, Element_software_management, Communications_session_border_controller, Enterprise_communications_broker, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization_host |
Type | Out-of-bounds Write (CWE-787) Integer Overflow or Wraparound (CWE-190) |
First patch | - None (likely due to unavailable code) |
Links |
• https://security.netapp.com/advisory/ntap-20190401-0001/
• https://access.redhat.com/errata/RHSA-2018:3092 • https://usn.ubuntu.com/4416-1/ • https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=5460617d1567657621107d895ee2dd83bc1f88f2 • https://sourceware.org/bugzilla/show_bug.cgi?id=22786 |