CVE-2018-1000001

high-risk
Published 2018-01-31

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

Do I need to act?

!
41.4% chance of exploitation in next 30 days
EPSS score — higher than 59% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
2 public exploits available
44889, 43775
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (12)

Affected Vendors

Redhat Gnu Canonical

References (20)

Mailing List http://seclists.org/oss-sec/2018/q1/38
Third Party Advisory http://www.securityfocus.com/bid/102525
Third Party Advisory http://www.securitytracker.com/id/1040162
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0805
https://security.netapp.com/advisory/ntap-20190404-0003/
Third Party Advisory https://usn.ubuntu.com/3534-1/
Third Party Advisory https://usn.ubuntu.com/3536-1/
Exploit https://www.exploit-db.com/exploits/43775/
Exploit https://www.exploit-db.com/exploits/44889/
Third Party Advisory https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/
Mailing List http://seclists.org/oss-sec/2018/q1/38
Third Party Advisory http://www.securityfocus.com/bid/102525
Third Party Advisory http://www.securitytracker.com/id/1040162
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0805
https://security.netapp.com/advisory/ntap-20190404-0003/
Third Party Advisory https://usn.ubuntu.com/3534-1/
Third Party Advisory https://usn.ubuntu.com/3536-1/
Exploit https://www.exploit-db.com/exploits/43775/
Exploit https://www.exploit-db.com/exploits/44889/
Third Party Advisory https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/
65
/ 100
high-risk
Severity 24/34 · High
Exploitability 24/34 · High
Exposure 17/34 · Moderate