CVE-2014-4043

Published: Oct 6, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.

Affected (2)

Products: Gnu: Glibc · Opensuse: Opensuse

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Glibc	Up to 2.19

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (32)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html

Source: cve@mitre.org

http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html

Source: cve@mitre.org

http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2019/Jun/18

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2019/Sep/7

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2014:152

Source: cve@mitre.org

http://www.securityfocus.com/bid/68006

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=1109263

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/93784

Source: cve@mitre.org

https://seclists.org/bugtraq/2019/Jun/14

Source: cve@mitre.org

https://seclists.org/bugtraq/2019/Sep/7

Source: cve@mitre.org

https://security.gentoo.org/glsa/201503-04

Source: cve@mitre.org

https://sourceware.org/bugzilla/show_bug.cgi?id=17048

Source: cve@mitre.org

https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=blobdiff%3Bf=ChangeLog%3Bh=3020b9ac232315df362521aeaf85f21cb9926db8%3Bhp=d86e73963dd9fb5e21b1a28326630337226812aa%3Bhb=89e435f3559c53084498e9baad22172b64429362%3Bhpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845

Source: cve@mitre.org

https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=blobdiff%3Bf=posix/spawn_faction_addopen.c%3Bh=40800b8e6e81341501c0fb8a91009529e2048dec%3Bhp=47f62425b696a4fdd511b2a057746322eb6518db%3Bhb=89e435f3559c53084498e9baad22172b64429362%3Bhpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845

Source: cve@mitre.org

https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=89e435f3559c53084498e9baad22172b64429362

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html