{"id":"CVE-2013-4788","details":"The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.","modified":"2026-04-16T06:18:23.169967412Z","published":"2013-10-04T17:55:09Z","related":["SUSE-RU-2015:0794-1","SUSE-SU-2015:0253-1","SUSE-SU-2015:0439-1","SUSE-SU-2015:0551-1"],"references":[{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201503-04"},{"type":"EVIDENCE","url":"http://hmarco.org/bugs/CVE-2013-4788.html"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2013/07/15/9"},{"type":"FIX","url":"http://hmarco.org/bugs/CVE-2013-4788.html"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2013/07/15/9"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2015/Sep/23"},{"type":"WEB","url":"http://www.securityfocus.com/bid/61183"}],"schema_version":"1.7.5"}