Vulnerability Monitor

CVE-2017-1000366

Description

glibc's dynamic loader (ld.so) honours specially crafted LD_LIBRARY_PATH values that let a local user manipulate the heap and stack of a set-user-ID or set-group-ID program so that the two regions alias (overlap), potentially resulting in arbitrary code execution with that program's privileges. Additional hardening changes were made to glibc at the same time to make stack and heap memory harder to manipulate; because those issues are not directly exploitable, they were not assigned a CVE. This affects glibc 2.25 and earlier. Upstream fixed it in glibc 2.26 by ignoring LD_LIBRARY_PATH in secure-execution (AT_SECURE) mode; distributions backported the fix to the older glibc versions they ship, so on those systems the package version rather than the upstream version determines exposure.

Published

2017-06-19T16:29:00.310

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

CVSSv2 Exploitability Subscore

3.9

CVSSv2 Impact Subscore

10.0
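The two subscores above are not independent data; they fall out of the CVSSv2 vector deterministically, and so does the v2 base score that the vector's HIGH rating rests on. The following Python is an added example, not code from the page or from NVD, that implements the CVSS v2.0 base-score equations for any base vector (the record shows one instance). Run on the vector above it yields the 3.9 exploitability and 10.0 impact subscores listed, and a 7.2 base score. Weights and formulas are those of the CVSS v2.0 specification; only the six base metrics are accepted, so a truncated vector or one carrying temporal metrics is rejected rather than silently scored.

```python
# Added example (not from the page or NVD): CVSS v2.0 base-score equations
# applied to a vector string.  Weights and formulas follow the CVSS v2.0
# specification; only the six base metrics are supported.
from decimal import Decimal, ROUND_HALF_UP

# Metric weights from the CVSS v2.0 specification
ACCESS_VECTOR = {"L": 0.395, "A": 0.646, "N": 1.0}
ACCESS_COMPLEXITY = {"H": 0.35, "M": 0.61, "L": 0.71}
AUTHENTICATION = {"M": 0.45, "S": 0.56, "N": 0.704}
IMPACT = {"N": 0.0, "P": 0.275, "C": 0.660}

METRIC_TABLES = {
    "AV": ACCESS_VECTOR, "AC": ACCESS_COMPLEXITY, "Au": AUTHENTICATION,
    "C": IMPACT, "I": IMPACT, "A": IMPACT,
}


def round1(x: float) -> float:
    """Round half up to one decimal, matching the spec's round_to_1_decimal."""
    return float(Decimal(repr(x)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def parse_cvss2_vector(vector: str) -> dict:
    """Turn 'AV:L/AC:L/Au:N/C:C/I:C/A:C' (optionally parenthesised) into
    {'AV': 'L', ...}.  Unknown metrics, unknown values and missing base
    metrics raise, so a mangled vector from a feed fails loudly."""
    metrics = {}
    for part in vector.strip().strip("()").split("/"):
        key, sep, value = part.partition(":")
        if not sep or key not in METRIC_TABLES:
            raise ValueError(f"unknown metric {part!r}")
        if value not in METRIC_TABLES[key]:
            raise ValueError(f"bad value {value!r} for metric {key}")
        metrics[key] = value
    missing = [k for k in METRIC_TABLES if k not in metrics]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    return metrics


def cvss2_scores(vector: str):
    """Return (exploitability, impact, base) rounded to one decimal."""
    m = parse_cvss2_vector(vector)
    impact = 10.41 * (1 - (1 - IMPACT[m["C"]]) * (1 - IMPACT[m["I"]]) * (1 - IMPACT[m["A"]]))
    exploitability = 20 * ACCESS_VECTOR[m["AV"]] * ACCESS_COMPLEXITY[m["AC"]] * AUTHENTICATION[m["Au"]]
    # f(Impact) is 0 when there is no impact at all, 1.176 otherwise
    if impact == 0:
        base = 0.0
    else:
        base = (0.6 * impact + 0.4 * exploitability - 1.5) * 1.176
    return round1(exploitability), round1(impact), round1(base)


def cvss2_severity(base: float) -> str:
    """NVD's CVSS v2 severity bands: 0-3.9 LOW, 4.0-6.9 MEDIUM, 7.0-10.0 HIGH."""
    if base >= 7.0:
        return "HIGH"
    if base >= 4.0:
        return "MEDIUM"
    return "LOW"


if __name__ == "__main__":
    vec = "AV:L/AC:L/Au:N/C:C/I:C/A:C"  # the vector from the record above
    e, i, b = cvss2_scores(vec)
    print(f"{vec}: exploitability={e} impact={i} base={b} ({cvss2_severity(b)})")
```

The base score is computed from the unrounded subscores, as the specification requires; rounding the subscores first can move a score across a severity boundary.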

Weaknesses

  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Primary)

Affected Vendors & Products

Type              Vendor     Product                                    Version/Range  Vulnerable?
Operating System  redhat     enterprise_linux                           5              Yes
Operating System  redhat     enterprise_linux                           6.0            Yes
Operating System  redhat     enterprise_linux                           7.0            Yes
Operating System  redhat     enterprise_linux_desktop                   6.0            Yes
Operating System  redhat     enterprise_linux_desktop                   7.0            Yes
Operating System  redhat     enterprise_linux_server                    6.0            Yes
Operating System  redhat     enterprise_linux_server                    6.6            Yes
Operating System  redhat     enterprise_linux_server                    7.0            Yes
Operating System  redhat     enterprise_linux_server_aus                5.9            Yes
Operating System  redhat     enterprise_linux_server_aus                6.2            Yes
Operating System  redhat     enterprise_linux_server_aus                6.4            Yes
Operating System  redhat     enterprise_linux_server_aus                6.5            Yes
Operating System  redhat     enterprise_linux_server_aus                6.6            Yes
Operating System  redhat     enterprise_linux_server_aus                7.2            Yes
Operating System  redhat     enterprise_linux_server_aus                7.3            Yes
Operating System  redhat     enterprise_linux_server_aus                7.4            Yes
Operating System  redhat     enterprise_linux_server_aus                7.6            Yes
Operating System  redhat     enterprise_linux_server_eus                6.2            Yes
Operating System  redhat     enterprise_linux_server_eus                6.5            Yes
Operating System  redhat     enterprise_linux_server_eus                6.7            Yes
Operating System  redhat     enterprise_linux_server_eus                7.2            Yes
Operating System  redhat     enterprise_linux_server_eus                7.3            Yes
Operating System  redhat     enterprise_linux_server_eus                7.4            Yes
Operating System  redhat     enterprise_linux_server_eus                7.5            Yes
Operating System  redhat     enterprise_linux_server_eus                7.6            Yes
Operating System  redhat     enterprise_linux_server_long_life          5.9            Yes
Operating System  redhat     enterprise_linux_server_tus                6.5            Yes
Operating System  redhat     enterprise_linux_server_tus                6.6            Yes
Operating System  redhat     enterprise_linux_server_tus                7.2            Yes
Operating System  redhat     enterprise_linux_server_tus                7.3            Yes
Operating System  redhat     enterprise_linux_server_tus                7.6            Yes
Operating System  redhat     enterprise_linux_workstation               6.0            Yes
Operating System  redhat     enterprise_linux_workstation               7.0            Yes
Application       openstack  cloud_magnum_orchestration                 7              Yes
Operating System  novell     suse_linux_enterprise_desktop              12.0           Yes
Operating System  novell     suse_linux_enterprise_point_of_sale        11.0           Yes
Operating System  novell     suse_linux_enterprise_server               11.0           Yes
Operating System  opensuse   leap                                       42.2           Yes
Operating System  suse       linux_enterprise_for_sap                   12             Yes
Operating System  suse       linux_enterprise_server                    10             Yes
Operating System  suse       linux_enterprise_server                    11             Yes
Operating System  suse       linux_enterprise_server                    12             Yes
Operating System  suse       linux_enterprise_server_for_raspberry_pi   12             Yes
Operating System  suse       linux_enterprise_software_development_kit  11.0           Yes
Operating System  suse       linux_enterprise_software_development_kit  12.0           Yes
Application       gnu        glibc                                      ≤ 2.25         Yes
Operating System  debian     debian_linux                               8.0            Yes
Operating System  debian     debian_linux                               9.0            Yes
Application       mcafee     web_gateway                                ≤ 7.6.2.14     Yes
Application       mcafee     web_gateway                                ≤ 7.7.2.2      Yes
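The affected range (glibc ≤ 2.25) and the vendor rows above pull in opposite directions for a host check: every Red Hat, SUSE and Debian row ships a glibc older than 2.26, and those vendors fix such issues by backporting the patch without changing the upstream version number, so comparing `ldd --version` against 2.26 alone over-reports. The following Python is an added example, not code from the page, NVD or the glibc project; it parses the loader's version string, applies the upstream boundary, and then looks for a vendor backport marker in the installed package's changelog. The changelog locations (rpm's `--changelog`, Debian's `changelog.Debian.gz`) and the assumption that a vendor changelog names the CVE are mine; where neither source is available the verdict is "likely vulnerable" and has to be confirmed against the vendor advisory.

```python
# Added example, not from the page or the glibc project: triage a Linux host
# for CVE-2017-1000366 (glibc <= 2.25 upstream, fixed in 2.26) while allowing
# for distribution backports.  Changelog locations and the assumption that a
# vendor changelog names the CVE are mine.
import gzip
import os
import re
import shutil
import subprocess
from typing import Optional, Tuple

CVE = "CVE-2017-1000366"
FIXED_UPSTREAM = (2, 26)  # first upstream release with the fix
DEBIAN_CHANGELOG = "/usr/share/doc/libc6/changelog.Debian.gz"  # assumed location


def parse_ldd_version(text: str) -> Optional[Tuple[int, int]]:
    """Extract (major, minor) from the first line of `ldd --version`.
    Both 'ldd (GNU libc) 2.17' and 'ldd (Ubuntu GLIBC 2.23-0ubuntu11) 2.23'
    end with the upstream version; anything else (e.g. musl) yields None."""
    first = text.splitlines()[0] if text.strip() else ""
    m = re.search(r"(\d+)\.(\d+)\s*$", first)
    return (int(m.group(1)), int(m.group(2))) if m else None


def affected_upstream(version: Tuple[int, int]) -> bool:
    """True when the upstream version lies in the record's range (<= 2.25)."""
    return version < FIXED_UPSTREAM


def distro_backport_present() -> Optional[bool]:
    """Look for the CVE id in the installed glibc package's changelog.
    Returns None when no known changelog source exists on this host."""
    if shutil.which("rpm"):
        proc = subprocess.run(["rpm", "-q", "--changelog", "glibc"],
                              capture_output=True, text=True)
        if proc.returncode == 0:
            return CVE in proc.stdout
    if os.path.exists(DEBIAN_CHANGELOG):
        with gzip.open(DEBIAN_CHANGELOG, "rt", errors="replace") as fh:
            return CVE in fh.read()
    return None


def assess(ldd_output: str, backport: Optional[bool]) -> str:
    """Combine the version and backport signals into a single verdict."""
    ver = parse_ldd_version(ldd_output)
    if ver is None:
        return "unknown: could not parse a glibc version from ldd output"
    label = f"glibc {ver[0]}.{ver[1]}"
    if not affected_upstream(ver):
        return f"not affected: {label} is at or above 2.26"
    if backport is True:
        return f"patched: {label} carries a vendor backport for {CVE}"
    if backport is False:
        return f"VULNERABLE: {label} and no {CVE} entry in the package changelog"
    return f"likely vulnerable: {label}; confirm against the vendor advisory"


if __name__ == "__main__":
    ldd = shutil.which("ldd")
    out = subprocess.run([ldd, "--version"], capture_output=True,
                         text=True).stdout if ldd else ""
    print(assess(out, distro_backport_present()))
```

The version parse and the verdict logic are kept free of host access so they can be exercised on captured `ldd --version` output from a fleet inventory; only `distro_backport_present()` touches the local package database.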

References