VYPR
Get started
← All advisories
High severity7.8NVD Advisory· Published Jun 19, 2017· Updated May 13, 2026

CVE-2017-1000366

CVE-2017-1000366

Description

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

Affected products

51
  • GNU/Glibc
    cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
    Range: <=2.25
  • McAfee/Web Gateway
    cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
    Range: <=7.6.2.14
  • OpenStack/Cloud Magnum Orchestration
    cpe:2.3:a:openstack:cloud_magnum_orchestration:7:*:*:*:*:*:*:*
  • Debian/Debian Linux2 versions
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • Novell/Suse Linux Enterprise Desktop
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp2:*:*:*:*:*:*
  • Novell/Suse Linux Enterprise Point Of Sale
    cpe:2.3:o:novell:suse_linux_enterprise_point_of_sale:11.0:sp3:*:*:*:*:*:*
  • Novell/Suse Linux Enterprise Server
    cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:ltss:*:*:*
  • OpenSUSE/Leap
    cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux3 versions
    cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Desktop2 versions
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server3 versions
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server:6.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Aus9 versions
    cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Eus8 versions
    cpe:2.3:o:redhat:enterprise_linux_server_eus:6.2:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.2:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Long Life
    cpe:2.3:o:redhat:enterprise_linux_server_long_life:5.9:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Tus5 versions
    cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Workstation2 versions
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • SUSE S.A./Linux Enterprise For Sap
    cpe:2.3:o:suse:linux_enterprise_for_sap:12:sp1:*:*:*:*:*:*
  • SUSE S.A./Linux Enterprise Server5 versions
    cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*+ 4 more
    • cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:ltss:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:*
  • SUSE S.A./Linux Enterprise Server For Raspberry Pi
    cpe:2.3:o:suse:linux_enterprise_server_for_raspberry_pi:12:sp2:*:*:*:*:*:*
  • SUSE S.A./Linux Enterprise Software Development Kit2 versions
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_software_development_kit:12.0:sp2:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

20

News mentions

0

No linked articles in our index yet.