CVE-2017-1000408

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: glibc version 2.1.1

Description: The issue is related to a memory leak in glibc that can be triggered and amplified through the LD HWCAP MASK environment variable. It is associated with errors in resource management in the dynamic loader ld.so of the glibc library, which provides system calls and basic functions. Exploitation of this issue may allow a local attacker to cause a memory leak using the LD HWCAP MASK variable.

Recommendations: For glibc version 2.1.1, as a temporary workaround, consider restricting the use of the LD HWCAP MASK environment variable to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-772CWE-399

Related Identifiers

BDU:2018-00411

CVE-2017-1000408

OPENSUSE-SU-2018_0089-1

OPENSUSE-SU-2024:10792-1

SUSE-SU-2018:0074-1

USN-3534-1

Affected Products

Suse

Ubuntu

Glibc

CVE-2017-1000408

Weakness Enumeration

Related Identifiers

Affected Products

References · 77