Red Hat Bugzilla – Bug 1315647
CVE-2016-1234 glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory
Last modified: 2017-11-08 13:23:43 EST
It was found that glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOB_ALTDIRFUNC is used, causing large stack-based buffer overflow with controlled length and content.
Upstream bug (contains reproducer):
Created glibc tracking bugs for this issue:
Affects: fedora-all [bug 1315648]
Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.