VULHUB ™

The GNU C library ('glibc') includes support for functionality known as file globbing. File globbing allows for lists of files to be created based on search patterns that include wildcards (for example : '*') and other metacharacters. This implementation contains a vulnerability which may allow for the execution of arbitrary code by an application that uses glibc file globbing. The vulnerability is related to a failure to properly handle strings that end with the '{' character. It is reportedly possible for attackers to submit input to the globbing functions that eventually causes free() to be called on memory they control. This situation can be exploited to overwrite a word in memory with an arbitrary value. Attackers may overwrite function pointers or return addresses to force execution of arbitrary instructions.

The GNU C library ('glibc') includes support for functionality known as file globbing. File globbing allows for lists of files to be created based on search patterns that include wildcards (for example : '*') and other metacharacters. This implementation contains a vulnerability which may allow for the execution of arbitrary code by an application that uses glibc file globbing. The vulnerability is related to a failure to properly handle strings that end with the '{' character. It is reportedly possible for attackers to submit input to the globbing functions that eventually causes free() to be called on memory they control. This situation can be exploited to overwrite a word in memory with an arbitrary value. Attackers may overwrite function pointers or return addresses to force execution of arbitrary instructions.