CVE-2013-4788
CVE-2013-4788
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/28657unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://hmarco.org/bugs/CVE-2013-4788.htmlhttp://seclists.org/fulldisclosure/2015/Sep/23https://security.gentoo.org/glsa/201503-04http://www.mandriva.com/security/advisories?name=MDVSA-2013:283http://www.mandriva.com/security/advisories?name=MDVSA-2013:284http://www.openwall.com/lists/oss-security/2013/07/15/9http://www.securityfocus.com/bid/61183