GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
Improper Input Validation
-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/glibc | deb | debian | 12 | >=2.36-9+deb12u4 | Not yet available |
| debian/glibc | deb | debian | 11 | >=2.31-13+deb11u8 | Not yet available |
| debian/glibc | deb | debian | unstable | >=2.38-11 | Not yet available |
| debian/glibc | deb | debian | 13 | >=2.38-11 | Not yet available |
| debian/glibc | deb | debian | 10 | >=2.28-10+deb10u1 | Not yet available |
Severity and metrics
No CVSS data available from this source.
2.8
2.8
1.8
CVE-2019-1010023
-
CVE-2019-1010023
-
-
-