oss-sec mailing list archives
CVE-2017-15670, CVE-2017-15671 glibc: Buffer overflow and memory leak in glob with GLOB_TILDE
From: Eddie Chapman <eddie () ehuk net>
Date: Sat, 21 Oct 2017 19:19:46 +0100
Just a heads up for anyone around over the weekend ... == CVE-2017-15670 == http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670"The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string."
https://sourceware.org/bugzilla/show_bug.cgi?id=22320 https://bugzilla.redhat.com/show_bug.cgi?id=1504804"It is possible that an attacker might use this to escalate his privileges or execute code."
Upstream patch: https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f == CVE-2017-15671 == http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671"The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak)."
https://sourceware.org/bugzilla/show_bug.cgi?id=22325 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671
Current thread:
- CVE-2017-15670, CVE-2017-15671 glibc: Buffer overflow and memory leak in glob with GLOB_TILDE Eddie Chapman (Oct 21)