DEBIAN-CVE-2017-1000366

DEBIAN-CVE-2017-1000366 PUBLISHED CVSS 7.800000190734863 HIGH

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

Risk Scores

CVSS v3.0

7.800000190734863

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:11	glibc	0, 0, 0
Debian:14	glibc	0, 0, 0
Debian:13	glibc	0, 0, 0
Debian:12	glibc	0, 0, 0

Timeline

Jun 19, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-1000366 advisory

Open in Interactive Console →