CVE-2014-0475

GNU C Library <2.20 - Path Traversal

Title source: llm

Description

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

References (10)

Core 10

Core References

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2014/dsa-2976

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/68505

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1030569

Vendor Advisory vendor-advisory x_refsource_redhat

https://rhn.redhat.com/errata/RHSA-2014-1110.html

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2014/07/14/6

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201602-02

Patch x_refsource_confirm

https://sourceware.org/bugzilla/show_bug.cgi?id=17137

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2014/07/10/7

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2014:152

Various Sources x_refsource_confirm

http://linux.oracle.com/errata/ELSA-2015-0092.html

Scores

EPSS 0.0078

EPSS Percentile 73.9%

Details

CWE

CWE-22

Status published

Products (29)

gnu/glibc 2.0

gnu/glibc 2.0.1

gnu/glibc 2.0.2

gnu/glibc 2.0.3

gnu/glibc 2.0.4

gnu/glibc 2.0.5

gnu/glibc 2.0.6

gnu/glibc 2.1

gnu/glibc 2.1.1

gnu/glibc 2.1.1.6

... and 19 more

Published Jul 29, 2014

Tracked Since Feb 18, 2026