CVE-2017-1000366

7.8 HIGH
Published: June 19, 2017 Modified: May 13, 2026
View on NVD

Description

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
Source: cve@mitre.org
http://seclists.org/fulldisclosure/2019/Sep/7
Source: cve@mitre.org
http://www.debian.org/security/2017/dsa-3887
Source: cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/99127
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038712
Source: cve@mitre.org
Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:1479
Source: cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1480
Source: cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1481
Source: cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1567
Source: cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1712
Source: cve@mitre.org
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2017-1000366
Source: cve@mitre.org
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10205
Source: cve@mitre.org
Patch Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/7
Source: cve@mitre.org
https://security.gentoo.org/glsa/201706-19
Source: cve@mitre.org
Third Party Advisory
https://www.exploit-db.com/exploits/42274/
Source: cve@mitre.org
Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/42275/
Source: cve@mitre.org
Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/42276/
Source: cve@mitre.org
Third Party Advisory VDB Entry
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Source: cve@mitre.org
Technical Description Third Party Advisory
https://www.suse.com/security/cve/CVE-2017-1000366/
Source: cve@mitre.org
Third Party Advisory
https://www.suse.com/support/kb/doc/?id=7020973
Source: cve@mitre.org
Third Party Advisory
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2019/Sep/7
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2017/dsa-3887
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/99127
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038712
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:1479
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1480
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1481
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1567
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1712
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2017-1000366
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10205
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/7
Source: af854a3a-2127-422b-91ae-364da2661108
https://security.gentoo.org/glsa/201706-19
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.exploit-db.com/exploits/42274/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/42275/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/42276/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Technical Description Third Party Advisory
https://www.suse.com/security/cve/CVE-2017-1000366/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.suse.com/support/kb/doc/?id=7020973
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

40 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.8 / 10.0
EPSS (Exploit Probability)
2.7%
84th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-119

Affected Vendors

opensuse novell debian openstack redhat suse mcafee gnu

Related CVEs

CVE-2026-57346 7.1
CVE-2026-25707 8.8
CVE-2026-13601 7.1
CVE-2026-13557 4.3
CVE-2026-13556 4.3