Home

CVE-2018-1000001

Description

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
33.942

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2018:0805) Moderate: glibc security, bug fix, and enhancement update glibc-2.17-222.el7.i686.rpmLinux
(RHSA-2018:0805) Moderate: glibc security, bug fix, and enhancement update glibc-2.17-222.el7.x86_64.rpmLinux
(RHSA-2018:0805) Moderate: glibc security, bug fix, and enhancement update glibc-common-2.17-222.el7.x86_64.rpmLinux
(RHSA-2018:0805) Moderate: glibc security, bug fix, and enhancement update glibc-devel-2.17-222.el7.i686.rpmLinux
(RHSA-2018:0805) Moderate: glibc security, bug fix, and enhancement update glibc-devel-2.17-222.el7.x86_64.rpmLinux
(RHSA-2018:0805) Moderate: glibc security, bug fix, and enhancement update glibc-headers-2.17-222.el7.x86_64.rpmLinux
(RHSA-2018:0805) Moderate: glibc security, bug fix, and enhancement update glibc-static-2.17-222.el7.i686.rpmLinux
(RHSA-2018:0805) Moderate: glibc security, bug fix, and enhancement update glibc-static-2.17-222.el7.x86_64.rpmLinux
(RHSA-2018:0805) Moderate: glibc security, bug fix, and enhancement update glibc-utils-2.17-222.el7.x86_64.rpmLinux
(RHSA-2018:0805) Moderate: glibc security, bug fix, and enhancement update nscd-2.17-222.el7.x86_64.rpmLinux
Glibc update (ELSA-2018-0805) glibc-2.17-222.el7.x86_64.rpmLinux
Glibc-common update (ELSA-2018-0805) glibc-common-2.17-222.el7.x86_64.rpmLinux
Glibc-devel update (ELSA-2018-0805) glibc-devel-2.17-222.el7.x86_64.rpmLinux
Glibc-headers update (ELSA-2018-0805) glibc-headers-2.17-222.el7.x86_64.rpmLinux
Glibc-static update (ELSA-2018-0805) glibc-static-2.17-222.el7.x86_64.rpmLinux
Glibc-utils update (ELSA-2018-0805) glibc-utils-2.17-222.el7.x86_64.rpmLinux
Nscd update (ELSA-2018-0805) nscd-2.17-222.el7.x86_64.rpmLinux
Glibc update (ELSA-2018-0805) glibc-2.17-222.el7.i686.rpmLinux
Glibc-devel update (ELSA-2018-0805) glibc-devel-2.17-222.el7.i686.rpmLinux
Glibc-static update (ELSA-2018-0805) glibc-static-2.17-222.el7.i686.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234