DEBIAN-CVE-2018-1000001

DEBIAN-CVE-2018-1000001 PUBLISHED CVSS 7.800000190734863 HIGH

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

Risk Scores

CVSS 3.0

7.800000190734863

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian	glibc
Debian:12	glibc	0, 0, 0
Debian:11	glibc	0, 0, 0
Debian:14	glibc	0, 0, 0
Debian:13	glibc	0, 0, 0

Exploit Intelligence

Tools for get offsets and adding patch for support i386 (github-poc-repo)
Tools for get offsets and adding patch for support i386 (github-poc)
glibc getcwd() local privilege escalation compiled binaries (github-poc)
2025-05-12.json (github-poc)

Timeline

Jan 31, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-1000001 advisory

Open in Interactive Console →