Home

CVE-2017-15671

Description

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).

Risk Information

Base Score
5.9
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.403

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-2.11.3-17.110.24.2.i586.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-2.11.3-17.110.24.2.i686.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-2.11.3-17.110.24.2.x86_64.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-32bit-2.11.3-17.110.24.2.x86_64.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-devel-2.11.3-17.110.24.2.i586.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-devel-2.11.3-17.110.24.2.i686.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-devel-2.11.3-17.110.24.2.x86_64.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-devel-32bit-2.11.3-17.110.24.2.x86_64.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-html-2.11.3-17.110.24.2.i586.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-html-2.11.3-17.110.24.2.x86_64.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-i18ndata-2.11.3-17.110.24.2.i586.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-i18ndata-2.11.3-17.110.24.2.x86_64.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-info-2.11.3-17.110.24.2.i586.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-info-2.11.3-17.110.24.2.x86_64.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-locale-2.11.3-17.110.24.2.i586.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-locale-2.11.3-17.110.24.2.x86_64.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-locale-32bit-2.11.3-17.110.24.2.x86_64.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-profile-2.11.3-17.110.24.2.i586.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-profile-2.11.3-17.110.24.2.x86_64.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) glibc-profile-32bit-2.11.3-17.110.24.2.x86_64.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) nscd-2.11.3-17.110.24.2.i586.rpmLinux
SUSE-SU-2018:4067-1(SUSE Linux Enterprise Server 11-SP4 ) nscd-2.11.3-17.110.24.2.x86_64.rpmLinux
Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2017-15671)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234