CVE-2017-15804

EUVD-2017-7227
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
gnuglibc
𝑥
≤ 2.26
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u10
fixed
sid
2.40-3
fixed
trixie
2.40-3
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
artful
dne
bionic
dne
cosmic
dne
disco
dne
eoan
dne
focal
dne
groovy
dne
hirsute
dne
trusty
Fixed 2.19-0ubuntu6.14
released
xenial
dne
zesty
dne
glibc
artful
Fixed 2.26-0ubuntu2.1
released
bionic
not-affected
cosmic
not-affected
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
trusty
dne
xenial
Fixed 2.23-0ubuntu10
released
zesty
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/101535
https://access.redhat.com/errata/RHSA-2018:0805
https://access.redhat.com/errata/RHSA-2018:1879
https://sourceware.org/bugzilla/show_bug.cgi?id=22332
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=a159b53fa059947cc2548e3b0d5bdcf7b9630ba8
http://www.securityfocus.com/bid/101535
https://access.redhat.com/errata/RHSA-2018:0805
https://access.redhat.com/errata/RHSA-2018:1879
https://sourceware.org/bugzilla/show_bug.cgi?id=22332
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=a159b53fa059947cc2548e3b0d5bdcf7b9630ba8