[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-16997":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":150,"aliases":151,"duplicate_of":9,"upstream":152,"downstream":153,"duplicates":170,"related":171,"reserved_at":9,"published_at":176,"modified_at":177,"state":178,"summary":179,"references_raw":188,"kevs":223,"epss":224,"epss_history":227,"metrics":491,"affected":502},"CVE-2017-16997","elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \"./\" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-426","Untrusted Search Path","The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.","weakness","Stable","Base","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-38","Leveraging/Manipulating Configuration File Search Paths",[24,110],{"id":25,"name":26,"tactics":27,"countermeasures":43},"T1574.007","Path Interception by PATH Environment Variable",[28,31,34,37,40],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",{"id":35,"name":36},"TA0030","Defense Evasion",{"id":38,"name":39},"TA0005","Stealth",{"id":41,"name":42},"TA0104","Execution",[44,49,53,57,61,66,71,76,81,86,90,94,98,102,106],{"id":45,"name":46,"tactic":47},"D3-FA","File Analysis",{"name":48},"Detect",{"id":50,"name":51,"tactic":52},"D3-FIM","File Integrity Monitoring",{"name":48},{"id":54,"name":55,"tactic":56},"D3-DA","Dynamic Analysis",{"name":48},{"id":58,"name":59,"tactic":60},"D3-EFA","Emulated File Analysis",{"name":48},{"id":62,"name":63,"tactic":64},"D3-FEV","File Eviction",{"name":65},"Evict",{"id":67,"name":68,"tactic":69},"D3-DF","Decoy File",{"name":70},"Deceive",{"id":72,"name":73,"tactic":74},"D3-FE","File Encryption",{"name":75},"Harden",{"id":77,"name":78,"tactic":79},"D3-RF","Restore File",{"name":80},"Restore",{"id":82,"name":83,"tactic":84},"D3-CF","Content Filtering",{"name":85},"Isolate",{"id":87,"name":88,"tactic":89},"D3-LFP","Local File Permissions",{"name":85},{"id":91,"name":92,"tactic":93},"D3-RFAM","Remote File Access Mediation",{"name":85},{"id":95,"name":96,"tactic":97},"D3-CQ","Content Quarantine",{"name":85},{"id":99,"name":100,"tactic":101},"D3-CM","Content Modification",{"name":85},{"id":103,"name":104,"tactic":105},"D3-EAL","Executable Allowlisting",{"name":85},{"id":107,"name":108,"tactic":109},"D3-EDL","Executable Denylisting",{"name":85},{"id":111,"name":112,"tactics":113,"countermeasures":119},"T1574.009","Path Interception by Unquoted Path",[114,115,116,117,118],{"id":29,"name":30},{"id":32,"name":33},{"id":35,"name":36},{"id":38,"name":39},{"id":41,"name":42},[120,122,124,126,128,130,132,134,136,138,140,142,144,146,148],{"id":45,"name":46,"tactic":121},{"name":48},{"id":50,"name":51,"tactic":123},{"name":48},{"id":54,"name":55,"tactic":125},{"name":48},{"id":58,"name":59,"tactic":127},{"name":48},{"id":62,"name":63,"tactic":129},{"name":65},{"id":67,"name":68,"tactic":131},{"name":70},{"id":72,"name":73,"tactic":133},{"name":75},{"id":77,"name":78,"tactic":135},{"name":80},{"id":82,"name":83,"tactic":137},{"name":85},{"id":87,"name":88,"tactic":139},{"name":85},{"id":91,"name":92,"tactic":141},{"name":85},{"id":95,"name":96,"tactic":143},{"name":85},{"id":99,"name":100,"tactic":145},{"name":85},{"id":103,"name":104,"tactic":147},{"name":85},{"id":107,"name":108,"tactic":149},{"name":85},[],[],[],[154,156,158,160,162,164,166,168],{"_key":155},"SUSE-SU-2018:0074-1",{"_key":157},"OPENSUSE-SU-2024:10792-1",{"_key":159},"MGASA-2018-0096",{"_key":161},"MGASA-2018-0098",{"_key":163},"UBUNTU-CVE-2017-16997",{"_key":165},"USN-3534-1",{"_key":167},"DEBIAN-CVE-2017-16997",{"_key":169},"RHSA-2018:3092",[],[172,173,174,175],{"_key":155},{"_key":157},{"_key":159},{"_key":161},"2017-12-18T01:00:00.000Z","2024-08-05T20:43:59.423Z","Modified",{"cisa_kev":180,"cisa_ransomware":180,"cisa_vendor":9,"epss_severity":181,"epss_score":182,"severity":183,"severity_score":184,"severity_version":185,"severity_source":186,"severity_vector":187,"severity_status":178},false,"low",0.01133,"high",9.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:C/I:C/A:C",[189,198,204,208,213,219],{"url":190,"sources":191,"tags":193},"https://sourceware.org/bugzilla/show_bug.cgi?id=22625",[192,186],"cve.org",[194,195,196,197],"X Refsource CONFIRM","Issue Tracking","Patch","Third Party Advisory",{"url":199,"sources":200,"tags":201},"http://www.securityfocus.com/bid/102228",[192,186],[202,203,197],"VDB Entry","X Refsource BID",{"url":205,"sources":206,"tags":207},"https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html",[192,186],[194,195,196,197],{"url":209,"sources":210,"tags":211},"https://bugs.debian.org/884615",[192,186],[194,195,212,196,197],"Mailing List",{"url":214,"sources":215,"tags":216},"https://access.redhat.com/errata/RHSA-2018:3092",[192,186],[217,218,197],"Vendor Advisory","X Refsource REDHAT",{"url":220,"sources":221,"tags":222},"https://access.redhat.com/errata/RHBA-2019:0327",[192,186],[217,218,197],[],{"date":225,"score":182,"percentile":226},"2026-06-04",0.78685,[228,232,235,238,241,244,248,251,254,257,261,264,267,269,272,276,279,282,285,288,291,294,297,299,301,304,307,310,314,317,320,322,325,328,331,334,337,340,343,346,349,352,355,358,361,364,367,370,372,375,377,379,382,385,388,391,394,396,399,402,405,409,412,415,418,421,424,427,429,432,435,438,441,444,447,450,453,455,458,460,463,466,469,472,475,478,481,483,485,488],{"date":229,"score":230,"percentile":231},"2025-11-04",0.00663,0.70381,{"date":233,"score":230,"percentile":234},"2025-11-05",0.70366,{"date":236,"score":230,"percentile":237},"2025-11-06",0.70363,{"date":239,"score":230,"percentile":240},"2025-11-07",0.70377,{"date":242,"score":230,"percentile":243},"2025-11-08",0.7038,{"date":245,"score":246,"percentile":247},"2025-11-09",0.00769,0.72691,{"date":249,"score":246,"percentile":250},"2025-11-10",0.72682,{"date":252,"score":246,"percentile":253},"2025-11-11",0.72687,{"date":255,"score":246,"percentile":256},"2025-11-12",0.72704,{"date":258,"score":259,"percentile":260},"2025-11-13",0.01042,0.76773,{"date":262,"score":259,"percentile":263},"2025-11-14",0.7678,{"date":265,"score":259,"percentile":266},"2025-11-15",0.76775,{"date":268,"score":259,"percentile":260},"2025-11-16",{"date":270,"score":259,"percentile":271},"2025-11-17",0.76763,{"date":273,"score":274,"percentile":275},"2025-11-18",0.0107,0.7586,{"date":277,"score":274,"percentile":278},"2025-11-19",0.75866,{"date":280,"score":274,"percentile":281},"2025-11-20",0.75877,{"date":283,"score":259,"percentile":284},"2025-11-21",0.76789,{"date":286,"score":259,"percentile":287},"2025-11-22",0.76788,{"date":289,"score":259,"percentile":290},"2025-11-23",0.76774,{"date":292,"score":259,"percentile":293},"2025-11-24",0.76776,{"date":295,"score":259,"percentile":296},"2025-11-25",0.76782,{"date":298,"score":259,"percentile":287},"2025-11-26",{"date":300,"score":259,"percentile":284},"2025-11-27",{"date":302,"score":259,"percentile":303},"2025-11-28",0.76778,{"date":305,"score":259,"percentile":306},"2025-11-29",0.76785,{"date":308,"score":259,"percentile":309},"2025-11-30",0.76783,{"date":311,"score":312,"percentile":313},"2025-12-01",0.006,0.68723,{"date":315,"score":312,"percentile":316},"2025-12-02",0.68731,{"date":318,"score":312,"percentile":319},"2025-12-03",0.68727,{"date":321,"score":259,"percentile":263},"2025-12-04",{"date":323,"score":259,"percentile":324},"2025-12-05",0.76787,{"date":326,"score":259,"percentile":327},"2025-12-06",0.7679,{"date":329,"score":259,"percentile":330},"2025-12-07",0.76786,{"date":332,"score":259,"percentile":333},"2025-12-08",0.76792,{"date":335,"score":259,"percentile":336},"2025-12-09",0.76819,{"date":338,"score":259,"percentile":339},"2025-12-10",0.76847,{"date":341,"score":259,"percentile":342},"2025-12-11",0.76863,{"date":344,"score":259,"percentile":345},"2025-12-12",0.76882,{"date":347,"score":259,"percentile":348},"2025-12-13",0.76881,{"date":350,"score":259,"percentile":351},"2025-12-14",0.76879,{"date":353,"score":259,"percentile":354},"2025-12-15",0.76872,{"date":356,"score":259,"percentile":357},"2025-12-16",0.76883,{"date":359,"score":259,"percentile":360},"2025-12-17",0.76894,{"date":362,"score":259,"percentile":363},"2025-12-18",0.76908,{"date":365,"score":259,"percentile":366},"2025-12-19",0.76921,{"date":368,"score":259,"percentile":369},"2025-12-20",0.76915,{"date":371,"score":259,"percentile":363},"2025-12-21",{"date":373,"score":259,"percentile":374},"2025-12-22",0.76904,{"date":376,"score":259,"percentile":374},"2025-12-23",{"date":378,"score":259,"percentile":369},"2025-12-24",{"date":380,"score":259,"percentile":381},"2025-12-25",0.76934,{"date":383,"score":259,"percentile":384},"2025-12-26",0.76932,{"date":386,"score":259,"percentile":387},"2025-12-27",0.76983,{"date":389,"score":259,"percentile":390},"2025-12-28",0.76917,{"date":392,"score":259,"percentile":393},"2025-12-29",0.76912,{"date":395,"score":259,"percentile":366},"2025-12-30",{"date":397,"score":259,"percentile":398},"2025-12-31",0.76942,{"date":400,"score":312,"percentile":401},"2026-01-01",0.68962,{"date":403,"score":312,"percentile":404},"2026-01-02",0.68952,{"date":406,"score":407,"percentile":408},"2026-01-03",0.00642,0.70162,{"date":410,"score":182,"percentile":411},"2026-01-04",0.77865,{"date":413,"score":182,"percentile":414},"2026-01-05",0.77857,{"date":416,"score":182,"percentile":417},"2026-01-06",0.77866,{"date":419,"score":182,"percentile":420},"2026-01-07",0.77872,{"date":422,"score":182,"percentile":423},"2026-01-08",0.77878,{"date":425,"score":182,"percentile":426},"2026-01-09",0.77883,{"date":428,"score":182,"percentile":426},"2026-01-10",{"date":430,"score":182,"percentile":431},"2026-01-11",0.77875,{"date":433,"score":182,"percentile":434},"2026-01-12",0.77861,{"date":436,"score":182,"percentile":437},"2026-01-13",0.77859,{"date":439,"score":182,"percentile":440},"2026-01-14",0.77881,{"date":442,"score":182,"percentile":443},"2026-01-15",0.77885,{"date":445,"score":182,"percentile":446},"2026-01-16",0.77894,{"date":448,"score":182,"percentile":449},"2026-01-17",0.779,{"date":451,"score":182,"percentile":452},"2026-01-18",0.77896,{"date":454,"score":182,"percentile":446},"2026-01-19",{"date":456,"score":182,"percentile":457},"2026-01-20",0.77888,{"date":459,"score":182,"percentile":446},"2026-01-21",{"date":461,"score":182,"percentile":462},"2026-01-22",0.77901,{"date":464,"score":182,"percentile":465},"2026-01-23",0.77928,{"date":467,"score":182,"percentile":468},"2026-01-24",0.7794,{"date":470,"score":182,"percentile":471},"2026-01-25",0.77931,{"date":473,"score":182,"percentile":474},"2026-01-26",0.77926,{"date":476,"score":182,"percentile":477},"2026-01-27",0.77924,{"date":479,"score":182,"percentile":480},"2026-01-28",0.7793,{"date":482,"score":182,"percentile":474},"2026-01-29",{"date":484,"score":182,"percentile":480},"2026-01-30",{"date":486,"score":182,"percentile":487},"2026-01-31",0.77932,{"date":489,"score":407,"percentile":490},"2026-02-01",0.70238,[492],{"source":186,"cvss_v2_0":493,"cvss_v3_0":496,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":184,"baseSeverity":9,"vectorString":187,"impactScore":494,"exploitabilityScore":495},10,8.6,{"baseScore":497,"baseSeverity":498,"vectorString":499,"impactScore":500,"exploitabilityScore":501},7.8,"HIGH","CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",9.8,4.6,[503,523,531,536],{"ecosystem":9,"name":504,"vendor":505,"product":504,"cpe_part":506,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":507},"glibc","gnu","a",[508,511,513,515,517,519,521],{"version":509,"is_range":180,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.19","cpe",{"version":512,"is_range":180,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.20",{"version":514,"is_range":180,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.21",{"version":516,"is_range":180,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.22",{"version":518,"is_range":180,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.23",{"version":520,"is_range":180,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.25",{"version":522,"is_range":180,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.26",{"ecosystem":9,"name":524,"vendor":525,"product":526,"cpe_part":527,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":528},"enterprise linux desktop","redhat","enterprise_linux_desktop","o",[529],{"version":530,"is_range":180,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0",{"ecosystem":9,"name":532,"vendor":525,"product":533,"cpe_part":527,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":534},"enterprise linux server","enterprise_linux_server",[535],{"version":530,"is_range":180,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":537,"vendor":525,"product":538,"cpe_part":527,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":539},"enterprise linux workstation","enterprise_linux_workstation",[540],{"version":530,"is_range":180,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9}]