Fluid Attacks Database

Description

The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	glibc	>=0 <2.3.5-3	2.3.5-3
debian 11	glibc	>=0 <2.3.5-3	2.3.5-3
debian 12	glibc	>=0 <2.3.5-3	2.3.5-3
debian 13	glibc	>=0 <2.3.5-3	2.3.5-3

Aliases

1. CVE-2005-35902. NVD-2005-35903. OSV-DEBIAN-2005-35904. OSV-2005-35905. SECURITY-TRACKER-CVE-2005-3590

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.