CVE-2018-1000001

CVE: CVE-2018-1000001
Published: 2018-01-31T14:29Z
Vendor: gnu
Products: glibc
Versions: 2.26
Description Language: en
Description: In glibc 2.26 and earlier, there is confusion in the usage of getcwd() by realpath(), which can be used to write before the destination buffer, leading to a buffer underflow and potential code execution.
References:
http://seclists.org/oss-sec/2018/q1/38
http://www.securityfocus.com/bid/102525
http://www.securitytracker.com/id/1040162
https://www.exploit-db.com/exploits/43775/
https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/