| Revision Date: | 2018-01-31 | Version: | 1 |
| Title: | CVE-2018-1000001 on Ubuntu 18.04 LTS (bionic) - high. |
| Description: | In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. libc does not account for all the possible return values from the kernel getcwd(2) syscall; arbitrary code execution may result from applications making further assumptions on the return value from the getcwd(3) libary function.
|
| Family: | unix | Class: | vulnerability |
| Status: | | Reference(s): | CVE-2018-1000001
|
| Platform(s): | Ubuntu 18.04 LTS
| Product(s): | |
| Definition Synopsis |
| Ubuntu 18.04 LTS (bionic) is installed. AND Package Information
glibc package in bionic, is related to the CVE in some way and has been fixed (note: '2.26-0ubuntu2.1').
OR musl package in bionic, is related to the CVE in some way and has been fixed (note: '1.1.19-1').
|