PT-2013-1305 · Gnu+2 · Glibc+3

Hector Marco · Published 2013-10-04 · Updated 2017-07-01 · CVE-2013-4788

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
glibc versions 2.4 through 2.17
eglibc versions 2.4 through 2.17

Description
The issue is in the PTR_MANGLE implementation in glibc and eglibc, which does not properly initialize the random value used for pointer protection. A remote attacker can exploit this to control execution flow by using a buffer overflow in an application together with the known zero value of the pointer guard to calculate a pointer address in memory.

Recommendations
For glibc and eglibc versions 2.4 through 2.17, update to a version that properly initializes the random value for the pointer guard. As a temporary workaround, consider restricting the use of applications that utilize the PTR_MANGLE implementation until a patch is available.

Exploit

Fix

RCE


Weakness Enumeration

Related Identifiers

ALT-PU-2014-1035
ALT-PU-2015-2084
BDU:2016-02233
CVE-2013-4788
DLA-165-1
MGASA-2013-0340
SUSE-RU-2015:0794-1
SUSE-SU-2015:0253-1
SUSE-SU-2015:0439-1
SUSE-SU-2015:0551-1

Affected Products

Alt Linux
Suse
Eglibc
Glibc