The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-165-1 | eglibc security update |
![]() |
DSA-3169-1 | eglibc security update |
![]() |
EUVD-2014-3974 | The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. |
![]() |
USN-2306-1 | GNU C Library vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sun, 13 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T11:04:28.427Z
Reserved: 2014-06-12T00:00:00
Link: CVE-2014-4043

No data.

Status : Deferred
Published: 2014-10-06T23:55:08.530
Modified: 2025-04-12T10:46:40.837
Link: CVE-2014-4043


No data.