N/A

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

释放后使用

GNU C Library 资源管理错误漏洞

GNU C Library（glibc，libc6）是一种按照LGPL许可协议发布的开源免费的C语言编译程序。 GNU C Library 2.14版本中的glob存在资源管理错误漏洞。本地攻击者可通过创建特制路径利用该漏洞执行任意代码。

N/A

N/A