CVE-2017-7476

Metadata

high
7.5
gnulib
CVE-2017-7476
cve.mitre.org
2017-05-02
2017-10-23 14:23
CVE-2017-7476 gnulib
2017-07-20 21:33
2017-06-16 19:22
2017-05-10 23:55
2017-05-03 21:03
2017-04-28 13:03

Description

Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
artful gnulib None
devel gnulib None
trusty gnulib None
xenial gnulib None
zesty gnulib None

Unaffected

Release Package Reason
precise gnulib ignored
precise/esm gnulib DNE
vivid/stable-phone-overlay gnulib DNE
vivid/ubuntu-core gnulib DNE
yakkety gnulib ignored

Needs Triage

Release Package Reason
upstream gnulib needs-triage