CVE-2014-4043

EPSS 1.6%

Published: 10/6/2014Modified: 4/28/2026

Description

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.

Affected packages (1)

Debian/glibcfrom 0, < 2.19-2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-4043