VDB
CVE-2019-1010023
CVE-2019-1010023
PUBLISHED
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
EPSS 0.29% · 52.9th percentile
Risk Scores
EPSS Score
0.29%
52.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | glibc | 2.23-0ubuntu11.3+esm7, 2.23-0ubuntu7, 2.23-0ubuntu9 |
| Ubuntu:Pro:20.04:LTS | glibc | 2.31-0ubuntu9.2, 2.31-0ubuntu9.3, 2.31-0ubuntu9.7 |
| Ubuntu:Pro:18.04:LTS | glibc | 2.27-3ubuntu1.6+esm2, 2.26-0ubuntu2.1, 2.27-0ubuntu2 |
| Ubuntu:Pro:14.04:LTS | eglibc | 0, 2.17-93ubuntu4, 2.18-0ubuntu1 |
Exploit Intelligence
- https://sourceware.org/bugzilla/show_bug.cgi?id=22851 (nist-nvd)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
…and 22 more exploits
Timeline
- Jul 15, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-1010023 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-1010023 third-party-advisory