CVE-2016-1234

Published: 01 June 2016

Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.

From the Ubuntu security team

Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service.

Priority

Low

CVSS 3 base score: 7.5

Status

Package | Release                         | Status
eglibc  | Upstream                        | Needs triage
eglibc  | Ubuntu 16.04 ESM (Xenial Xerus) | Does not exist
eglibc  | Ubuntu 14.04 ESM (Trusty Tahr)  | Released (2.19-0ubuntu6.10)
glibc   | Upstream                        | Released (2.24)
glibc   | Ubuntu 16.04 ESM (Xenial Xerus) | Released (2.23-0ubuntu6)
glibc   | Ubuntu 14.04 ESM (Trusty Tahr)  | Does not exist

Patches:
Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea