Linux Empty Search Path Vulnerability

Empty Search Path (PATH or LD_LIBRARY_PATH) could lead to security vulnerabilities.

CWE-427: Uncontrolled Search Path Element

Empty Entry in LD_LIBRARY_PATH May Lead to Security Issues


  • Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.