Medium severity5.5NVD Advisory· Published Jan 20, 2016· Updated Jun 17, 2026
CVE-2015-8777
CVE-2015-8777
Description
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21- osv-coords19 versionspkg:rpm/opensuse/glibc&distro=openSUSE%20Tumbleweedpkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSSpkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP3pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP3pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
< 2.24-2.3+ 18 more
- (no CPE)range: < 2.24-2.3
- (no CPE)range: < 2.11.3-17.95.2
- (no CPE)range: < 2.11.3-17.95.2
- (no CPE)range: < 2.19-22.13.1
- (no CPE)range: < 2.19-35.1
- (no CPE)range: < 2.11.3-17.45.66.1
- (no CPE)range: < 2.11.3-17.95.2
- (no CPE)range: < 2.11.3-17.95.2
- (no CPE)range: < 2.11.3-17.95.2
- (no CPE)range: < 2.19-22.13.1
- (no CPE)range: < 2.19-35.1
- (no CPE)range: < 2.11.3-17.95.2
- (no CPE)range: < 2.11.3-17.95.2
- (no CPE)range: < 2.19-22.13.1
- (no CPE)range: < 2.19-35.1
- (no CPE)range: < 2.11.3-17.95.2
- (no CPE)range: < 2.11.3-17.95.2
- (no CPE)range: < 2.19-22.13.1
- (no CPE)range: < 2.19-35.1
Patches
Vulnerability mechanics
References
15- hmarco.org/bugs/glibc_ptr_mangle_weakness.htmlnvdExploit
- lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.htmlnvd
- www.debian.org/security/2016/dsa-3480nvd
- www.openwall.com/lists/oss-security/2016/01/20/1nvd
- www.securityfocus.com/bid/81469nvd
- www.securitytracker.com/id/1034811nvd
- www.ubuntu.com/usn/USN-2985-1nvd
- www.ubuntu.com/usn/USN-2985-2nvd
- access.redhat.com/errata/RHSA-2017:1916nvd
- security.gentoo.org/glsa/201702-11nvd
- sourceware.org/bugzilla/show_bug.cginvd
News mentions
0No linked articles in our index yet.