CVE-2014-4043CVE-2014-4043

Affected configuration(s):

cpe:/a:gnu:glibc:2.19
cpe:/o:novell:opensuse:13.1

Date published: 2014-10-06T19:55:08.530-04:00

Date last modified: 2017-08-28T21:34:49.687-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html

Summary: The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.