CVE-2011-1006

Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries.

Published: Mar 22, 2011
Updated: Nov 9, 2025
CVE: CVE-2011-1006
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
balbir_singh / libcgroup	0.32.2	0.32.2.x
balbir_singh / libcgroup	0.36	0.36.x
balbir_singh / libcgroup	0.1c	0.1c.x
balbir_singh / libcgroup	0.31	0.31.x
balbir_singh / libcgroup	0.3	0.3.x
balbir_singh / libcgroup	0.33	0.33.x
balbir_singh / libcgroup	0.37-rc1	0.37-rc1.x
balbir_singh / libcgroup	-	0.37.x
balbir_singh / libcgroup	0.35	0.35.x
balbir_singh / libcgroup	0.34	0.34.x
balbir_singh / libcgroup	0.36.2	0.36.2.x
balbir_singh / libcgroup	0.2	0.2.x
balbir_singh / libcgroup	0.32	0.32.x
balbir_singh / libcgroup	0.32.1	0.32.1.x
balbir_singh / libcgroup	0.36.1	0.36.1.x
balbir_singh / libcgroup	0.35.1	0.35.1.x
balbir_singh / libcgroup	0.1b	0.1b.x

Vulnerability Database

300,830

CVE-2011-1006

Deep Security Visibility Without the Complexity