
Find real vulnerabilities before they ship
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
Base Score
7.8| Base Score | 7.8 |
|---|---|
| Vector String | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Base Severity | High |
| Version | 3.0 |
| Attack Vector (AV) | LOCAL |