CVE-2025-4802 - log back

CVE-2025-4802 edited at 17 May 2025 23:52:12
Severity
- High
+ Critical
Remote
- Local
+ Unknown
References
https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2025-0002
+ https://www.openwall.com/lists/oss-security/2025/05/16/7
+ https://sourceware.org/bugzilla/show_bug.cgi?id=32976
+ https://nvd.nist.gov/vuln/detail/CVE-2025-4802
+ https://github.com/advisories/GHSA-8mm9-c4mg-vfjh
Notes
+ I don't think this can be exploited remotely. The original source [1] says "The only viable vector for exploitation of this bug is local" tho the GitHub SA [2] list the attack vector as remote.
+ [1]: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2025-0002
+ [2]: https://github.com/advisories/GHSA-8mm9-c4mg-vfjh
CVE-2025-4802 edited at 17 May 2025 23:40:58
Remote
- Unknown
+ Local
CVE-2025-4802 edited at 17 May 2025 23:40:35
Severity
- Unknown
+ High
Type
- Unknown
+ Arbitrary code execution
Description
+ A statically linked setuid binary that calls dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo) may incorrectly search LD_LIBRARY_PATH to determine which library to load, leading to the execution of library code that is attacker controlled.
+
+ The only viable vector for exploitation of this bug is local, if a static setuid program exists, and that program calls dlopen, then it may search LD_LIBRARY_PATH to locate the SONAME to load. No such program has been discovered at the time of publishing this advisory, but the presence of custom setuid programs, although strongly discouraged as a security practice, cannot be discounted.
References
+ https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2025-0002
CVE-2025-4802 created at 17 May 2025 23:31:08
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes