CVE-2005-3590

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2005-3590

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2005-3590.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2005-3590

Downstream

DEBIAN-CVE-2005-3590

Published

2019-04-10T20:29:00Z

Modified

2026-04-10T03:38:14.375835Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.

References

https://sourceware.org/bugzilla/show_bug.cgi?id=661
https://sourceware.org/bugzilla/show_bug.cgi?id=661
https://sourceware.org/bugzilla/show_bug.cgi?id=661
http://www.securityfocus.com/bid/107871
https://support.f5.com/csp/article/K12740406

CVE-2005-3590

Affected packages