PT-2019-4352 · Gnu+1 · Gnulib+1
Ilya Smith · Published 2019-07-15 · Updated 2026-05-04
CVE-2019-1010023
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
GNU Libc (affected versions not specified)
Description
The issue is in the libld component of the GNU Libc library, which provides system calls and basic functions. It stems from insufficient input validation, which allows a remote attacker to execute arbitrary code using a specially crafted ELF file. The attack vector involves sending two ELF files to the victim and asking the victim to run ldd on them, which executes code. Note that upstream comments indicate this is being treated as a non-security bug that poses no real threat.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Related Identifiers
Affected Products
Debian
Gnulib