Total
147 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12133 | 1 Gnu | 1 Glibc | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path. | |||||
| CVE-2016-6323 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Glibc, Opensuse | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. | |||||
| CVE-2016-4429 | 3 Canonical, Gnu, Opensuse | 4 Ubuntu Linux, Glibc, Leap and 1 more | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. | |||||
| CVE-2016-3075 | 4 Canonical, Fedoraproject, Gnu and 1 more | 4 Ubuntu Linux, Fedora, Glibc and 1 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. | |||||
| CVE-2016-1234 | 3 Fedoraproject, Gnu, Opensuse | 4 Fedora, Glibc, Leap and 1 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. | |||||
| CVE-2016-10228 | 1 Gnu | 1 Glibc | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. | |||||
| CVE-2015-8984 | 1 Gnu | 1 Glibc | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read. | |||||
| CVE-2015-8983 | 1 Gnu | 1 Glibc | 2023-11-07 | 6.8 MEDIUM | 8.1 HIGH |
| Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. | |||||
| CVE-2015-8982 | 1 Gnu | 1 Glibc | 2023-11-07 | 6.8 MEDIUM | 8.1 HIGH |
| Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. | |||||
| CVE-2015-1473 | 2 Canonical, Gnu | 2 Ubuntu Linux, Glibc | 2023-11-07 | 6.4 MEDIUM | N/A |
| The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. | |||||
| CVE-2015-1472 | 2 Canonical, Gnu | 2 Ubuntu Linux, Glibc | 2023-11-07 | 7.5 HIGH | N/A |
| The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. | |||||
| CVE-2014-9984 | 1 Gnu | 1 Glibc | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. | |||||
| CVE-2014-4043 | 2 Gnu, Opensuse | 2 Glibc, Opensuse | 2023-11-07 | 7.5 HIGH | N/A |
| The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. | |||||
| CVE-2013-7424 | 1 Gnu | 1 Glibc | 2023-11-07 | 5.1 MEDIUM | N/A |
| The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. | |||||
| CVE-2013-4458 | 2 Gnu, Suse | 3 Glibc, Linux Enterprise Debuginfo, Linux Enterprise Server | 2023-11-07 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914. | |||||
| CVE-2012-6656 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Glibc | 2023-11-07 | 5.0 MEDIUM | N/A |
| iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. | |||||
| CVE-2011-5320 | 1 Gnu | 1 Glibc | 2023-11-07 | 2.1 LOW | 6.2 MEDIUM |
| scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s. | |||||
| CVE-2011-1659 | 1 Gnu | 1 Glibc | 2023-11-07 | 5.0 MEDIUM | N/A |
| Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. | |||||
| CVE-2010-4051 | 1 Gnu | 1 Glibc | 2023-11-07 | 5.0 MEDIUM | N/A |
| The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." | |||||
| CVE-2010-0830 | 1 Gnu | 1 Glibc | 2023-11-07 | 5.1 MEDIUM | N/A |
| Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. | |||||