Search for vulnerabilities
Vulnerability details: VCID-qhad-827m-aaap
Vulnerability ID VCID-qhad-827m-aaap
Aliases CVE-2007-3508
Summary ** DISPUTED ** Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution.
Status Disputed
Exploitability 0.5
Weighted Severity 6.5
Risk 3.2
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-189 Numeric Errors
CWE-190 Integer Overflow or Wraparound
System Score Found at
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00060 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00060 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00060 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00060 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00060 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
epss 0.00060 https://api.first.org/data/v1/epss?cve=CVE-2007-3508
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=247208
cvssv2 7.2 https://nvd.nist.gov/vuln/detail/CVE-2007-3508
Reference id Reference type URL
http://bugs.gentoo.org/show_bug.cgi?id=183844
http://osvdb.org/37901
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3508.json
https://api.first.org/data/v1/epss?cve=CVE-2007-3508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3508
http://secunia.com/advisories/25864
http://security.gentoo.org/glsa/glsa-200707-04.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/35240
http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/glibc/2.5/1600_all_glibc-hwcap-mask-secure.patch?rev=1.1&view=markup
http://www.securityfocus.com/bid/24758
http://www.securitytracker.com/id?1018334
http://www.sourceware.org/ml/libc-hacker/2007-07/msg00001.html
http://www.vupen.com/english/advisories/2007/2418
247208 https://bugzilla.redhat.com/show_bug.cgi?id=247208
431858 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431858
cpe:2.3:a:gentoo:glibc:*:r3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gentoo:glibc:*:r3:*:*:*:*:*:*
CVE-2007-3508 https://nvd.nist.gov/vuln/detail/CVE-2007-3508
GLSA-200707-04 https://security.gentoo.org/glsa/200707-04
No exploits are available.
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2007-3508
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.05128
EPSS Score 0.00042
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-09-21T19:36:53.942637+00:00 NVD CVE Status Improver Improve https://cveawg.mitre.org/api/cve/CVE-2007-3508 34.0.1