Is CVE-2017-1000366 actively exploited?

CVE-2017-1000366 has no public evidence of in-the-wild exploitation as of 2025-04-20.

What is the CVSS score for CVE-2017-1000366?

CVE-2017-1000366 has a CVSS score of 7.8 (HIGH severity). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2017-1000366?

Patch guidance is available from redhat security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2017-1000366.

Fix CVE-2017-1000366 - HIGH redhat enterprise linux

Q: Which products are affected by CVE-2017-1000366?

52 products: redhat enterprise linux, redhat enterprise linux, redhat enterprise linux, redhat enterprise linux desktop, redhat enterprise linux desktop, and 47 more.

Description

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

CVSS Metrics

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: local
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-119 · Memory Buffer Errors

Metadata

Primary Vendor: REDHAT
Published: 6/19/2017
Last Modified: 4/20/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

redhat : enterprise_linuxredhat : enterprise_linuxredhat : enterprise_linuxredhat : enterprise_linux_desktopredhat : enterprise_linux_desktopredhat : enterprise_linux_serverredhat : enterprise_linux_serverredhat : enterprise_linux_serverredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_eusredhat : enterprise_linux_server_eusredhat : enterprise_linux_server_eusredhat : enterprise_linux_server_eusredhat : enterprise_linux_server_eusredhat : enterprise_linux_server_eusredhat : enterprise_linux_server_eusredhat : enterprise_linux_server_eusredhat : enterprise_linux_server_long_liferedhat : enterprise_linux_server_tusredhat : enterprise_linux_server_tusredhat : enterprise_linux_server_tusredhat : enterprise_linux_server_tusredhat : enterprise_linux_server_tusredhat : enterprise_linux_workstationredhat : enterprise_linux_workstationopenstack : cloud_magnum_orchestrationnovell : suse_linux_enterprise_desktopnovell : suse_linux_enterprise_point_of_salenovell : suse_linux_enterprise_serveropensuse : leapsuse : linux_enterprise_for_sapsuse : linux_enterprise_serversuse : linux_enterprise_serversuse : linux_enterprise_serversuse : linux_enterprise_serversuse : linux_enterprise_serversuse : linux_enterprise_server_for_raspberry_pisuse : linux_enterprise_software_development_kitsuse : linux_enterprise_software_development_kitgnu : glibcdebian : debian_linuxdebian : debian_linuxmcafee : web_gatewaymcafee : web_gateway

Remediation Guidance

Executive Summary

View on NIST NVD