CVE-2025-4802

High CVSS: 7.8

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

Vendor

Gnu

Product

Glibc

CWE

CWE-426

Yayın Tarihi

2025-05-16 20:15:22

Güncelleme

2025-11-03 20:19:11

Source Identifier

3ff69d7a-14f2-4f67-a097-88dee7810d18

KEV Date Added

Kategoriler

CWE-426 Glibc HIGH Gnu 2025

Referanslar

https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e http://www.openwall.com/lists/oss-security/2025/05/16/7 http://www.openwall.com/lists/oss-security/2025/05/17/2 https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html

Benzer Kayıtlar

Medium

CVE-2026-4647

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files…

Medium

CVE-2026-3441

A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in t…

Medium

CVE-2026-3442

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read,…

Medium

CVE-2025-69648

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malfor…

Medium

CVE-2025-69647

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malfor…

High

CVE-2025-69649

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary wi…