CVE-2017-7476

9.8 CRITICAL

📋 TL;DR

CVE-2017-7476 is a heap-based buffer overflow in Gnulib's timezone handling code (the save_abbr function in time_rz.c). An attacker who can control the TZ environment variable can trigger it to execute arbitrary code or cause a denial of service. Systems using Gnulib before April 26, 2017 are affected.

💻 Affected Systems

Products:
  • Gnulib
  • Software using Gnulib components
Versions: All versions before 2017-04-26
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Applications must use the vulnerable time_rz.c component and process TZ environment variables.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Denial of service through application crashes or limited code execution in sandboxed environments.

🟢 If Mitigated

Minimal impact if systems are patched, isolated, or have memory protection mechanisms enabled.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires control over the TZ environment variable, which may be possible through various input vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Gnulib 2017-04-26 or later

Vendor Advisory: http://git.savannah.gnu.org/gitweb/?p=gnulib.git%3Ba=commit%3Bh=94e01571507835ff59dd8ce2a0b56a4b566965a4

Restart Required: Yes

Instructions:

1. Update Gnulib to version 2017-04-26 or later.
2. Rebuild any applications using Gnulib.
3. Restart affected services.

🔧 Temporary Workarounds

Restrict TZ Environment Variable (linux)

Prevent untrusted users from setting the TZ environment variable:

  export TZ=""
  unset TZ

Memory Protection (linux)

Enable ASLR and other memory protection mechanisms:

  sysctl -w kernel.randomize_va_space=2

🧯 If You Can't Patch

  • Isolate affected systems from untrusted networks
  • Implement strict input validation for environment variables

🔍 How to Verify

Check if Vulnerable:

Check the Gnulib version date, or examine time_rz.c for the vulnerable save_abbr function.

Check Version:

  grep -r "gnulib" /usr/include/ || find /usr -name "*.c" -exec grep -l "save_abbr" {} \;

Verify Fix Applied:

Verify that the Gnulib version is 2017-04-26 or later and that commit 94e01571507835ff59dd8ce2a0b56a4b566965a4 is present.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Unexpected process termination

Network Indicators:

  • Unusual TZ environment variable values in process execution

SIEM Query:

  process where (command_line contains "TZ=" and command_line length > 100)
