HIGH
Hesiod Project
CVE published 2017-03-01
CVE-2016-10151
CVE-2016-10151 describes a local privilege escalation issue in Hesiod 3.2.1. The vulnerable logic in hesiod_init can choose configuration from environment variables when EUID and UID comparisons indicate a privileged context, allowing a local user to influence behavior through HESIOD_CONFIG or HES_DOMAIN when a SUID/SGUID binary uses the library.