[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-USN-3534-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":42,"duplicates":43,"related":44,"reserved_at":9,"published_at":52,"modified_at":53,"state":9,"summary":54,"references_raw":56,"kevs":92,"epss":9,"epss_history":93,"metrics":94,"affected":95},"USN-3534-1","eglibc, glibc vulnerabilities\n\nIt was discovered that the GNU C library did not properly handle all of\nthe possible return values from the kernel getcwd(2) syscall. A local\nattacker could potentially exploit this to execute arbitrary code in setuid\nprograms and gain administrative privileges. (CVE-2018-1000001)\n\nA memory leak was discovered in the _dl_init_paths() function in the GNU\nC library dynamic loader. A local attacker could potentially exploit this\nwith a specially crafted value in the LD_HWCAP_MASK environment variable,\nin combination with CVE-2017-1000409 and another vulnerability on a system\nwith hardlink protections disabled, in order to gain administrative\nprivileges. (CVE-2017-1000408)\n\nA heap-based buffer overflow was discovered in the _dl_init_paths()\nfunction in the GNU C library dynamic loader. A local attacker could\npotentially exploit this with a specially crafted value in the\nLD_LIBRARY_PATH environment variable, in combination with CVE-2017-1000408\nand another vulnerability on a system with hardlink protections disabled,\nin order to gain administrative privileges. (CVE-2017-1000409)\n\nAn off-by-one error leading to a heap-based buffer overflow was discovered\nin the GNU C library glob() implementation. An attacker could potentially\nexploit this to cause a denial of service or execute arbitrary code via a\nmaliciously crafted pattern. (CVE-2017-15670)\n\nA heap-based buffer overflow was discovered during unescaping of user names\nwith the ~ operator in the GNU C library glob() implementation. An attacker\ncould potentially exploit this to cause a denial of service or execute\narbitrary code via a maliciously crafted pattern. (CVE-2017-15804)\n\nIt was discovered that the GNU C library dynamic loader mishandles RPATH\nand RUNPATH containing $ORIGIN for privileged (setuid or AT_SECURE)\nprograms. A local attacker could potentially exploit this by providing a\nspecially crafted library in the current working directory in order to\ngain administrative privileges. (CVE-2017-16997)\n\nIt was discovered that the GNU C library malloc() implementation could\nreturn a memory block that is too small if an attempt is made to allocate\nan object whose size is close to SIZE_MAX, resulting in a heap-based\noverflow. An attacker could potentially exploit this to cause a denial of\nservice or execute arbitrary code. This issue only affected Ubuntu 17.10.\n(CVE-2017-17426)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40],{"_key":15},"CVE-2017-1000408",{"_key":17},"CVE-2017-1000409",{"_key":19},"CVE-2017-15670",{"_key":21},"CVE-2017-15804",{"_key":23},"CVE-2017-16997",{"_key":25},"CVE-2017-17426",{"_key":27},"CVE-2018-1000001",{"_key":29},"UBUNTU-CVE-2017-1000408",{"_key":31},"UBUNTU-CVE-2017-1000409",{"_key":33},"UBUNTU-CVE-2017-15670",{"_key":35},"UBUNTU-CVE-2017-15804",{"_key":37},"UBUNTU-CVE-2017-16997",{"_key":39},"UBUNTU-CVE-2017-17426",{"_key":41},"UBUNTU-CVE-2018-1000001",[],[],[45,46,47,48,49,50,51],{"_key":39},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":41},"2018-01-17T12:57:11Z","2026-04-22T09:42:09.265621Z",{"cisa_kev":55,"cisa_ransomware":55,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[57,63,68,72,76,80,84,88],{"url":58,"sources":59,"tags":61},"https://ubuntu.com/security/notices/USN-3534-1",[60],"osv_ubuntu",[62],"Advisory",{"url":64,"sources":65,"tags":66},"https://ubuntu.com/security/CVE-2017-15670",[60],[67],"REPORT",{"url":69,"sources":70,"tags":71},"https://ubuntu.com/security/CVE-2017-15804",[60],[67],{"url":73,"sources":74,"tags":75},"https://ubuntu.com/security/CVE-2017-16997",[60],[67],{"url":77,"sources":78,"tags":79},"https://ubuntu.com/security/CVE-2017-17426",[60],[67],{"url":81,"sources":82,"tags":83},"https://ubuntu.com/security/CVE-2017-1000408",[60],[67],{"url":85,"sources":86,"tags":87},"https://ubuntu.com/security/CVE-2017-1000409",[60],[67],{"url":89,"sources":90,"tags":91},"https://ubuntu.com/security/CVE-2018-1000001",[60],[67],[],[],[],[96,108],{"ecosystem":97,"name":98,"vendor":99,"product":98,"cpe_part":9,"purl_type":100,"purl_namespace":99,"purl_name":98,"source":9,"versions":101},"Ubuntu","eglibc","ubuntu","deb",[102],{"version":103,"is_range":104,"range_type":105,"version_start":9,"version_start_type":9,"version_end":106,"version_end_type":107,"fixed_in":9},"lt2_19_0ubuntu6_14",true,"ecosystem","2.19-0ubuntu6.14","excluding",{"ecosystem":97,"name":109,"vendor":99,"product":109,"cpe_part":9,"purl_type":100,"purl_namespace":99,"purl_name":109,"source":9,"versions":110},"glibc",[111],{"version":112,"is_range":104,"range_type":105,"version_start":9,"version_start_type":9,"version_end":113,"version_end_type":107,"fixed_in":9},"lt2_23_0ubuntu10","2.23-0ubuntu10"]