Filtered by vendor Gnu
Subscribe
Total
61 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0687 | 1 Gnu | 1 Glibc | 2024-04-11 | 4.0 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled. | |||||
CVE-2019-1010022 | 1 Gnu | 1 Glibc | 2024-04-11 | 7.5 HIGH | 9.8 CRITICAL |
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. | |||||
CVE-2023-25139 | 1 Gnu | 1 Glibc | 2023-12-10 | N/A | 9.8 CRITICAL |
sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes. | |||||
CVE-2022-48337 | 2 Debian, Gnu | 2 Debian Linux, Emacs | 2023-12-10 | N/A | 9.8 CRITICAL |
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. | |||||
CVE-2022-35164 | 1 Gnu | 1 Libredwg | 2023-12-10 | N/A | 9.8 CRITICAL |
LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. | |||||
CVE-2021-46848 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Libtasn1 | 2023-12-10 | N/A | 9.1 CRITICAL |
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. | |||||
CVE-2022-23218 | 3 Debian, Gnu, Oracle | 4 Debian Linux, Glibc, Communications Cloud Native Core Unified Data Repository and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | |||||
CVE-2022-23219 | 3 Debian, Gnu, Oracle | 8 Debian Linux, Glibc, Communications Cloud Native Core Binding Support Function and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | |||||
CVE-2021-28237 | 1 Gnu | 1 Libredwg | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. | |||||
CVE-2021-3466 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Libmicrohttpd, Enterprise Linux | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable. | |||||
CVE-2021-33574 | 4 Debian, Fedoraproject, Gnu and 1 more | 20 Debian Linux, Fedora, Glibc and 17 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. | |||||
CVE-2021-35942 | 3 Debian, Gnu, Netapp | 7 Debian Linux, Glibc, Active Iq Unified Manager and 4 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. | |||||
CVE-2021-26937 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Screen | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. | |||||
CVE-2021-20231 | 4 Fedoraproject, Gnu, Netapp and 1 more | 5 Fedora, Gnutls, Active Iq Unified Manager and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. | |||||
CVE-2021-20232 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Gnutls, Enterprise Linux | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. | |||||
CVE-1999-0199 | 1 Gnu | 1 Glibc | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999. | |||||
CVE-2019-20914 | 1 Gnu | 1 Libredwg | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec. | |||||
CVE-2017-9104 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Adns, Leap | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered. | |||||
CVE-2017-9103 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Adns, Leap | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records. | |||||
CVE-2017-9109 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Adns, Leap | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct. |