CVE-2013-4237

Description

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.

How to fix CVE-2013-4237

To remediate CVE-2013-4237, upgrade the affected package to a fixed version below.

• Debian/glibc—upgrade to 2.17-94 or later

Is CVE-2013-4237 being exploited?

Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.17-94

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-4237