Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-54450

RTLD_DI_ORIGIN subjected to buffer overflow due to inability to specify size

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • No
    • Low
    • b52619f2e8bbae57d79c95538346198c4a9f24a6
    • 1
    • rhel-pt-c-libs
    • ssg_platform_tools
    • 1
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Red Hat Enterprise Linux
    • PT C Libraries 2026 S04
    • None
    • None
    • Enhancement
    • Hide
      Feature, enhancement:
      Reason:
      Result:
      Show
      Feature, enhancement: Reason: Result:
    • Proposed
    • None

      What were you trying to do that didn't work?

      Due to the inability to specify the size of a buffer when passing to it, the RTLD_DI_ORIGIN request of dlinfo can experience a buffer overflow.

      Please provide the package NVR for which bug is seen:

      glibc-2.34-100.el9_4.2.x86_64

      How reproducible:

      Behavior is consistently reproducible.

      Steps to reproduce

      N/A (See upstream bug listing linked below)

      Expected results

      Buffer Overflow does not occur as size can be specified.

      Actual results

      Buffer Overflow occurs due to not being able to specify a size.

      Additional

      An upstream glibc bug has already been filed for this behavior.

      https://sourceware.org/bugzilla/show_bug.cgi?id=24298

      Discussion in the upstream glibc mailing list can be found below:

      https://sourceware.org/pipermail/libc-alpha/2024-August/159072.html

              ashankar@redhat.com Arjun Shankar
              brclark@redhat.com Brandon Clark
              Arjun Shankar Arjun Shankar
              Sergey Kolosov Sergey Kolosov
              Malhar Jivrajani Malhar Jivrajani
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated: