CVE-2013-4788
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2013-4788
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2013-4788.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2013-4788
- Downstream
- Related
- Published
- 2013-10-04T17:55:09Z
- Modified
- 2025-08-09T20:01:27Z
- Summary
- [none]
- Details
-
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.
- References
-
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:284
- https://security.gentoo.org/glsa/201503-04
- http://hmarco.org/bugs/CVE-2013-4788.html
- http://www.openwall.com/lists/oss-security/2013/07/15/9
- http://seclists.org/fulldisclosure/2015/Sep/23
- http://www.securityfocus.com/bid/61183