Integer overflow in the strxfrm function in the GNU C Library (aka glibc or
libc6) before 2.21 allows context-dependent attackers to cause a denial of
service (crash) or possibly execute arbitrary code via a long string, which
triggers a stack-based buffer overflow.
It was discovered that the GNU C Library incorrectly handled the
strxfrm() function. An attacker could use this issue to cause a
denial of service or possibly execute arbitrary code.
Updated: 2017-03-22 18:14:54 UTC (commit 12284)