CVE-2011-1095
EPSS 0.14%
Description
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
How to fix CVE-2011-1095
To remediate CVE-2011-1095, upgrade the affected package to a fixed version below.
- Debian/glibc: upgrade to 2.13-16 or later
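
The risk in the description comes from scripts that pass `locale` output to `eval`. As an added example (not code from glibc or from this page), a script can treat that output as data instead of code; the function names, the value allowlist and the sample lines are assumptions constructed here.

```shell
#!/bin/sh
# Added example: read `locale`-style NAME=VALUE lines without eval.

# Print the validated value of one line, or return 1.
# The body is a subshell so LC_ALL=C (byte-wise ranges) stays local.
locale_value() (
    LC_ALL=C
    line=$1
    name=${line%%=*}
    [ "$name" != "$line" ] || return 1        # no '=' in the line
    case $name in
        LANG|LANGUAGE|LC_[A-Z]*) ;;           # only locale variables
        *) return 1 ;;
    esac
    case $name in *[!A-Z_]*) return 1 ;; esac
    value=${line#*=}
    # Strip one pair of surrounding double quotes, if present.
    case $value in
        \"*\") value=${value#\"}; value=${value%\"} ;;
    esac
    # Allowlist (an assumption): letters, digits and _ . @ : - only.
    case $value in *[!A-Za-z0-9_.@:-]*) return 1 ;; esac
    printf '%s\n' "$value"
)

# Copy stdin to stdout, keeping only lines that pass locale_value.
filter_locale() {
    while IFS= read -r l || [ -n "$l" ]; do
        if v=$(locale_value "$l"); then
            printf '%s=%s\n' "${l%%=*}" "$v"
        fi
    done
}

# Constructed sample input (not real tool output): two ordinary lines
# and one value carrying shell syntax that eval would execute.
SAMPLE='LANG=en_US.UTF-8
LC_CTYPE="de_DE.UTF-8"
LC_MESSAGES=C;echo INJECTED'

printf '%s\n' "$SAMPLE" | filter_locale
```

Run as written, only the `LANG` and `LC_CTYPE` lines are printed; the third line is dropped because its value contains characters outside the allowlist.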
Is CVE-2011-1095 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.13-16