Launchpad.net

CVE 2013-4788

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.

Related bugs and status

CVE-2013-4788 (Candidate) is related to these bugs:

Bug #1020210: Race condition using ATOMIC_FASTBINS in _int_free causes crash or heap corruption

		In	Importance	Status
1020210	Race condition using ATOMIC_FASTBINS in _int_free causes crash or heap corruption	eglibc (Ubuntu)	Undecided	Fix Released
1020210	Race condition using ATOMIC_FASTBINS in _int_free causes crash or heap corruption	eglibc	Medium	Fix Released
1020210	Race condition using ATOMIC_FASTBINS in _int_free causes crash or heap corruption	eglibc (Ubuntu Precise)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-4788

Related bugs and status

Related bugs

References