PT-2018-1072 · Gnu+5 · Glibc+5
Halfdog · Published 2017-12-26 · Updated 2025-09-29 · CVE-2018-1000001
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
glibc versions 2.26 and earlier
Description
The issue arises from confusion in how realpath() uses getcwd() in glibc, which leads to a buffer underflow and can potentially allow code execution. The vulnerability is caused by an operation that exceeds the buffer boundaries in memory. Exploitation of this issue may enable an attacker to execute arbitrary code using a specially crafted SUID file.
Recommendations
For glibc versions 2.26 and earlier, consider updating to a version later than 2.26 to resolve the issue. As a temporary workaround, restrict the use of SUID files to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Memory Corruption
Related Identifiers
Affected Products
Alt Linux
Centos
Red Hat
Suse
Ubuntu
Glibc