ALAS2-2022-1857 --- glibc
ID: oval:org.secpod.oval:def:1701034 | Date: (C)2022-10-27 (M)2023-11-16 |
Class: PATCH | Family: unix |
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
Product: glibc | libcrypt | nscd | nss_db | nss_nis | nss_hesiod |