Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Primary rating from Vendor (bress) · only source for this CVE.
CVSS VectorVendor: bress
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
AnalysisAI
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. Affected products include: Gnu Glibc.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18,
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C
Local privilege escalation in GNU glibc 2.36 and newer arises from a heap-based buffer overflow in __vsyslog_internal, r
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-depe
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-depende
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before th
sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. Rated critical seve
GNU Libc current is affected by: Mitigation bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely e
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer ove
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causin
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Se
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today