<p>Upgrade <code>Debian:10</code> <code>glibc</code> to version 2.11.2-8 or higher.</p>

Link Following Affecting glibc package, versions <2.11.2-8

Snyk CVSS

Attack Complexity Low

User Interaction Required

Confidentiality High

Integrity High

Availability High

Threat Intelligence

Exploit Maturity Mature

EPSS 0.08% (35^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIAN10-GLIBC-356608
published 7 Jan 2011
disclosed 7 Jan 2011

Report a new vulnerability Found a mistake?

Introduced: 7 Jan 2011

CVE-2010-3847 Open this link in a new tab CWE-59 Open this link in a new tab

How to fix?

Upgrade Debian:10 glibc to version 2.11.2-8 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.