VIR Vulnerability Intelligence Relay

CVE-2013-4788

medium
Published 2013-10-04 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
5.1

Description

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed2.17-94
debian debianbullseyefixed2.17-94
debian debianforkyfixed2.17-94
debian debiansidfixed2.17-94
debian debiantrixiefixed2.17-94

Application impact
VendorProductVersionsFixed
gnuglibc{"endIncluding":"2.17"}
gnuglibc2.0
gnuglibc2.0.1
gnuglibc2.0.2
gnuglibc2.0.3
gnuglibc2.0.4
gnuglibc2.0.5
gnuglibc2.0.6
gnuglibc2.1
gnuglibc2.1.1
gnuglibc2.1.1.6
gnuglibc2.1.2
gnuglibc2.1.3
gnuglibc2.1.9
gnuglibc2.4
gnuglibc2.10.1
gnuglibc2.11
gnuglibc2.11.1
gnuglibc2.11.2
gnuglibc2.11.3
gnuglibc2.12.1
gnuglibc2.12.2
gnuglibc2.13
gnuglibc2.14
gnuglibc2.14.1
gnuglibc2.15
gnuglibc2.16
gnueglibc

References

CWEs

CWE-20

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.