First published: Mon Jul 15 2019
** DISPUTED ** GNU Libc current is affected by: re-mapping the currently loaded library with a malicious ELF file. The impact is: in the worst case, an attacker may elevate privileges. The component is: libld. The attack vector is: the attacker sends 2 ELF files to the victim and asks the victim to run ldd on them; ldd executes code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Credit: josh@bress.net
Affected Software | Affected Version | How to fix |
---|---|---|
GNU glibc | | |
debian/glibc | <=2.31-13+deb11u11, <=2.31-13+deb11u10, <=2.36-9+deb12u9, <=2.36-9+deb12u7, <=2.40-3, <=2.40-4 | |
The vulnerability ID of this GNU Libc vulnerability is CVE-2019-1010023.
The severity of CVE-2019-1010023 is high with a severity value of 8.8.
The component affected by CVE-2019-1010023 is libld.
The impact of CVE-2019-1010023 is that, in the worst-case scenario, an attacker may elevate privileges.
There is currently no known remedy for CVE-2019-1010023.