CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-15670

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1380%
EPSS Percentile28.56th
Published2017年10月20日
Last Modified2026年5月13日

Vulnerability Description

The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.

Affected Platforms (CPE)

📦
Gnu

Glibc

<= 2.26

References & Advisories

🔗 http://www.securityfocus.com/bid/101521
🔗 https://access.redhat.com/errata/RHSA-2018:0805
🔗 https://access.redhat.com/errata/RHSA-2018:1879
🔗 https://sourceware.org/bugzilla/show_bug.cgi?id=22320
🔗 http://www.securityfocus.com/bid/101521
🔗 https://access.redhat.com/errata/RHSA-2018:0805
🔗 https://access.redhat.com/errata/RHSA-2018:1879
🔗 https://sourceware.org/bugzilla/show_bug.cgi?id=22320

相關漏洞威脅

CVE-2015-023510.0

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows con...

CVE-2017-158049.8

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of ...

CVE-2017-182699.8

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka...

CVE-2018-64859.8

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2....