- Description
- Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution
- Source
- cve@mitre.org
- NVD status
- Modified
- CNA Tags
- disputed
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-189
- Hype score
- Not currently trending
- MandrivaBased on the analysis of Red Hat and several Glibc developers, Mandriva does not believe this to be exploitable.
- Red HatAfter careful analysis by Red Hat and several Glibc developers, it has been determined that this bug is not exploitable. For more information please see Red Hat Bugzilla bug #247208 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=247208
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gentoo:glibc:*:r3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FCFCAD2C-EC8C-4919-92C5-43C0839D53F7",
"versionEndIncluding": "2.5"
}
],
"operator": "OR"
}
]
}
]