Vulnerability CVE-2017-15670: Information
Description
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| glibc | sisyphus | 2.25-alt3 | 2.38.0.76.e9f05fa1c6-alt1 | ALT-PU-2017-2516-1 | 191922 | Fixed |
| glibc | sisyphus_e2k | 2.35.0.234.3f63f9dfe1-alt1.E2K.27.020.2 | 2.35.0.234.3f63f9dfe1-alt1.E2K.27.020.4 | ALT-PU-2024-1492-1 | - | Fixed |
| glibc | p10 | 2.25-alt3 | 2.32-alt5.p10.3 | ALT-PU-2017-2516-1 | 191922 | Fixed |
| glibc | p9 | 2.25-alt3 | 2.27-alt14 | ALT-PU-2017-2516-1 | 191922 | Fixed |
| glibc | p8 | 2.23-alt3.M80P.1 | 2.23-alt3.M80P.2 | ALT-PU-2017-2517-1 | 191925 | Fixed |
| glibc | c10f1 | 2.25-alt3 | 2.32-alt5.p10.3 | ALT-PU-2017-2516-1 | 191922 | Fixed |
| glibc | c9f2 | 2.25-alt3 | 2.27-alt14 | ALT-PU-2017-2516-1 | 191922 | Fixed |
| glibc | c7 | 2.17-alt5.M70C.14 | 2.17-alt5.M70C.14 | ALT-PU-2017-2497-1 | 191929 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=22320 |
|
| 101521 | |
| RHSA-2018:0805 | |
| RHSA-2018:1879 |