all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

glibc qsort() Out-Of-Bounds Read / Write

Add to bookmarks
Jan. 31, 2024, 4:43 p.m. |

Packet Storm packetstormsecurity.com

Qualys discovered a memory corruption in the glibc's qsort() function, due to a missing bounds check. To be vulnerable, a program must call qsort() with a nontransitive comparison function (a function cmp(int a, int b) that returns (a - b), for example) and with a large number of attacker-controlled elements (to cause a malloc() failure inside qsort()). They have not tried to find such a vulnerable program in the real world. All glibc versions from at least September 1992 (glibc …

attacker call check corruption function glibc large malloc memory memory corruption missing out-of-bounds program qualys vulnerable

Visit resource

More from packetstormsecurity.com / Packet Storm

The Not-So-Silent Type 18 hours ago | packetstormsecurity.com
apps called keyboard keystrokes +6
Ubuntu Security Notice USN-6754-1 18 hours ago | packetstormsecurity.com
attacker denial of service http implementation +11
Ubuntu Security Notice USN-6753-1 18 hours ago | packetstormsecurity.com
attacker configuration cryptographic default +14
Debian Security Advisory 5674-1 18 hours ago | packetstormsecurity.com
advisory debian debian linux security denial of service +9
Ubuntu Security Notice USN-6751-1 18 hours ago | packetstormsecurity.com
attacker attacks cross-site data +11
Ubuntu Security Notice USN-6752-1 18 hours ago | packetstormsecurity.com
attacker crash denial of service issue +10
Red Hat Security Advisory 2024-2066-03 18 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +5
Red Hat Security Advisory 2024-2064-03 18 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +5
Red Hat Security Advisory 2024-2063-03 18 hours ago | packetstormsecurity.com
advisory buffer buffer overflow enterprise +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Data & Security Engineer Lead

@ LiquidX | Singapore, Central Singapore, Singapore
View on infosec-jobs.com

IT and Cyber Risk Control Lead

@ GXS Bank | Singapore - OneNorth
View on infosec-jobs.com

Consultant Senior en Gestion de Crise Cyber et Continuité d’Activité H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Cyber Security Analyst (Weekend 1st Shift)

@ Fortress Security Risk Management | Cleveland, OH, United States
View on infosec-jobs.com

Senior Manager, Cybersecurity

@ BlueTriton Brands | Stamford, CT, US
View on infosec-jobs.com
View more jobs