N/A

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.

N/A

N/A

GNU C Library 输入验证错误漏洞

GNU C Library（glibc，libc6）是一种按照LGPL许可协议发布的开源免费的C语言编译程序。 GNU C Library 存在输入验证错误漏洞，该漏洞源于glibc中发现了一个整数溢出的缺陷，在wordxp与一个特殊设计的不可信正则表达式输入一起使用时产生。攻击者可利用该漏洞导致读取任意内存。

N/A

N/A