Unrated severityNVD Advisory· Published Oct 6, 2014· Updated May 6, 2026

CVE-2014-4043

Description

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.

Affected products

GNU/Glibc
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Range: <=2.19
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cginvdExploit
lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.htmlnvd
packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.htmlnvd
packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.htmlnvd
seclists.org/fulldisclosure/2019/Jun/18nvd
seclists.org/fulldisclosure/2019/Sep/7nvd
www.mandriva.com/security/advisoriesnvd
www.securityfocus.com/bid/68006nvd
exchange.xforce.ibmcloud.com/vulnerabilities/93784nvd
seclists.org/bugtraq/2019/Jun/14nvd
seclists.org/bugtraq/2019/Sep/7nvd
security.gentoo.org/glsa/201503-04nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000