Date published: 2014-10-06T19:55:08.530-04:00
Date last modified: 2017-08-28T21:34:49.687-04:00
CVSS Score: 7.5
Principal attack vector: NETWORK
Reference URL: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html
Summary: The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.