PT-2022-4862 · Uclibc-Ng+3
Lilith >_>
Published: 2022-09-24 · Updated: 2023-06-28
CVE-2022-29503
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
uClibc version 0.9.33.2
uClibc-ng version 1.0.40
Description
A memory corruption issue exists in the libpthread linuxthreads functionality. This can be triggered by thread allocation, leading to memory corruption. An attacker can exploit this by creating threads. The exploitation of this issue may allow a remote attacker to execute arbitrary code by sending a specially crafted request.
Recommendations
For uClibc version 0.9.33.2, consider restricting thread allocation to minimize the risk of exploitation.
For uClibc-ng version 1.0.40, consider disabling the libpthread linuxthreads functionality until a patch is available.
As a temporary workaround, avoid using the al cpLocation function in the affected libpthread and linuxthreads libraries to prevent memory corruption.
Exploit
Fix
Allocation of Resources Without Limits
Buffer Overflow
Related Identifiers
Affected Products
Debian
Libpthread
Uclibc
Uclibc-Ng