DEBIAN-CVE-2019-1010023

DEBIAN-CVE-2019-1010023 PUBLISHED CVSS 8.800000190734863 HIGH

GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

Risk Scores

CVSS 3.0

8.800000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:13	glibc	0, 2.43-2, *
Debian:14	glibc	2.42-4, 2.42-15, 0
Debian:11	glibc	2.40-6, 2.40-6, 2.40-7
Debian:12	glibc	2.41-12, 2.41-13, 2.41-13

Exploit Intelligence

summary.html (github-poc)
dhi-victoriametrics-vmstorage.vex.json (github-poc)
vote.json (github-poc)
dockerscan.yml (github-poc)
security_scans.sh (github-poc)

Timeline

Jul 15, 2019 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2019-1010023 advisory

Open in Interactive Console →