Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Glibc | Gnu | 2.1.2 | 2.1.2 |
Glibc | Gnu | 2.11 | 2.11 |
Glibc | Gnu | 2.0.5 | 2.0.5 |
Glibc | Gnu | 2.0.6 | 2.0.6 |
Glibc | Gnu | 2.10.1 | 2.10.1 |
Glibc | Gnu | 2.1.1 | 2.1.1 |
Glibc | Gnu | 2.14 | 2.14 |
Glibc | Gnu | 2.0.3 | 2.0.3 |
Glibc | Gnu | 2.0 | 2.0 |
Glibc | Gnu | 2.13 | 2.13 |
Glibc | Gnu | 2.1.1.6 | 2.1.1.6 |
Glibc | Gnu | 2.1 | 2.1 |
Glibc | Gnu | 2.1.9 | 2.1.9 |
Glibc | Gnu | 2.12.1 | 2.12.1 |
Glibc | Gnu | 2.0.1 | 2.0.1 |
Glibc | Gnu | 2.14.1 | 2.14.1 |
Glibc | Gnu | 2.11.2 | 2.11.2 |
Glibc | Gnu | 2.0.4 | 2.0.4 |
Glibc | Gnu | 2.0.2 | 2.0.2 |
Glibc | Gnu | 2.16 | 2.16 |
Glibc | Gnu | * | 2.17 |
Glibc | Gnu | 2.11.3 | 2.11.3 |
Glibc | Gnu | 2.11.1 | 2.11.1 |
Glibc | Gnu | 2.1.3 | 2.1.3 |
Glibc | Gnu | 2.15 | 2.15 |
Glibc | Gnu | 2.12.2 | 2.12.2 |