CVE-2005-3590 in C Libraryinfo

Summary

The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

04/10/2019

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-119

CVSS

8.5

EPSS

0.00426

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2005-3590
NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-3590
CVE Details	https://www.cvedetails.com/cve/CVE-2005-3590/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!