Potential arbitrary code execution via dlopen

15 Nov 2023


      alsa-project/alsa-lib issue #365 was opened from szsam:
The value of the first argument of dlopen() may come from getenv. Using externally controlled strings in a process operation can allow an attacker to execute malicious commands.
https://github.com/alsa-project/alsa-lib/blob/ed6b07084bfea4155bbc98bcf38508...
https://github.com/alsa-project/alsa-lib/blob/ed6b07084bfea4155bbc98bcf38508...
Issue URL     : https://github.com/alsa-project/alsa-lib/issues/365
Repository URL: https://github.com/alsa-project/alsa-lib

Potential arbitrary code execution via dlopen

GitHub issues - opened