CyberSec.Space Logo
Back to CVE Browser

CVE-2017-15804

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0980%
EPSS Percentile41.07th
PublishedOct 22, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.

Affected Platforms (CPE)

πŸ“¦
Gnu

Glibc

<= 2.26

References & Advisories

πŸ”— http://www.securityfocus.com/bid/101535
πŸ”— https://access.redhat.com/errata/RHSA-2018:0805
πŸ”— https://access.redhat.com/errata/RHSA-2018:1879
πŸ”— https://sourceware.org/bugzilla/show_bug.cgi?id=22332
πŸ”— https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=a159b53fa059947cc2548e3b0d5bdcf7b9630ba8
πŸ”— http://www.securityfocus.com/bid/101535
πŸ”— https://access.redhat.com/errata/RHSA-2018:0805
πŸ”— https://access.redhat.com/errata/RHSA-2018:1879

Related Vulnerabilities

CVE-2015-023510.0

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows con...

CVE-2017-156709.8

The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glo...

CVE-2017-182699.8

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka...

CVE-2018-64859.8

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2....