CVE-2005-3590

Name of the Vulnerable Software and Affected Versions glibc versions prior to 2.3.5

Description The issue is related to the getgrouplist function in the GNU C library. When this function is invoked with a zero argument, it writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow. This could potentially allow attackers to corrupt memory.

Recommendations For versions prior to 2.3.5, update to version 2.3.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the getgrouplist function with zero arguments until a patch is available.