CVE-2023-4911
Known exploited
Public exploit
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Max CVSS
7.8
EPSS Score
1.88%
Published
2023-10-03
Updated
2024-02-22
CISA KEV Added
2023-11-21
CVE-2018-1000001
Public exploit
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
Max CVSS
7.8
EPSS Score
0.53%
Published
2018-01-31
Updated
2019-10-03
CVE-2015-0235
Public exploit
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
Max CVSS
10.0
EPSS Score
97.52%
Published
2015-01-28
Updated
2022-07-05
CVE-2010-3856
Public exploit
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
Max CVSS
7.2
EPSS Score
0.04%
Published
2011-01-07
Updated
2023-07-20
CVE-2010-3847
Public exploit
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
Max CVSS
6.9
EPSS Score
0.08%
Published
2011-01-07
Updated
2023-02-13
5 vulnerabilities found