CVE-2005-3590

CRITICAL

glibc < 2.3.5 - Buffer Overflow in getgrouplist Function

Title source: llm
STIX 2.1

Description

The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.

References (3)

Core 3
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://sourceware.org/bugzilla/show_bug.cgi?id=661
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107871
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K12740406

Scores

CVSS v3 9.8
EPSS 0.0043
EPSS Percentile 62.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
gnu/glibc < 2.3.5
Published Apr 10, 2019
Tracked Since Feb 18, 2026