7.8
CVE-2017-1000366
- EPSS 7.81%
- Published 19.06.2017 16:29:00
- Last modified 20.04.2025 01:37:25
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Enterprise Linux Version5 Editionserver
Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Server Version6.6
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Server Aus Version5.9
Redhat ≫ Enterprise Linux Server Aus Version6.2
Redhat ≫ Enterprise Linux Server Aus Version6.4
Redhat ≫ Enterprise Linux Server Aus Version6.5
Redhat ≫ Enterprise Linux Server Aus Version6.6
Redhat ≫ Enterprise Linux Server Aus Version7.2
Redhat ≫ Enterprise Linux Server Aus Version7.3
Redhat ≫ Enterprise Linux Server Aus Version7.4
Redhat ≫ Enterprise Linux Server Aus Version7.6
Redhat ≫ Enterprise Linux Server Eus Version6.2
Redhat ≫ Enterprise Linux Server Eus Version6.5
Redhat ≫ Enterprise Linux Server Eus Version6.7
Redhat ≫ Enterprise Linux Server Eus Version7.2
Redhat ≫ Enterprise Linux Server Eus Version7.3
Redhat ≫ Enterprise Linux Server Eus Version7.4
Redhat ≫ Enterprise Linux Server Eus Version7.5
Redhat ≫ Enterprise Linux Server Eus Version7.6
Redhat ≫ Enterprise Linux Server Long Life Version5.9
Redhat ≫ Enterprise Linux Server Tus Version6.5
Redhat ≫ Enterprise Linux Server Tus Version6.6
Redhat ≫ Enterprise Linux Server Tus Version7.2
Redhat ≫ Enterprise Linux Server Tus Version7.3
Redhat ≫ Enterprise Linux Server Tus Version7.6
Redhat ≫ Enterprise Linux Workstation Version6.0
Redhat ≫ Enterprise Linux Workstation Version7.0
Openstack ≫ Cloud Magnum Orchestration Version7
Novell ≫ Suse Linux Enterprise Desktop Version12.0 Updatesp2
Novell ≫ Suse Linux Enterprise Point Of Sale Version11.0 Updatesp3
Novell ≫ Suse Linux Enterprise Server Version11.0 Updatesp3 SwEditionltss
Suse ≫ Linux Enterprise For Sap Version12 Updatesp1
Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEditionltss
Suse ≫ Linux Enterprise Server Version11 Updatesp4
Suse ≫ Linux Enterprise Server Version12 Updatesp1 SwEditionltss
Suse ≫ Linux Enterprise Server Version12 Updatesp2
Suse ≫ Linux Enterprise Server Version12 Updatesp2 SwEditionltss
Suse ≫ Linux Enterprise Server For Raspberry Pi Version12 Updatesp2
Suse ≫ Linux Enterprise Software Development Kit Version11.0 Updatesp4
Suse ≫ Linux Enterprise Software Development Kit Version12.0 Updatesp2
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Mcafee ≫ Web Gateway Version <= 7.6.2.14
Mcafee ≫ Web Gateway Version >= 7.7.0.0 <= 7.7.2.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.81% | 0.916 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.