← back
CVE-2018-1000001

CVE-2018-1000001

EPSS 13.4%◆ VulnCheck KEV
Vexday Risk Score
67High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Popular PoC on GitHub (31 stars) — exploitation code widely available.
CVSS EPSS 13.4%KEV nãoPoC públicaNuclei Metasploit simPatch referenciado
Lifecycle
16 Jan 2018Metasploit module available
16 Jan 2018Public PoC
31 Jan 2018Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.