Filtered by vendor Gnu
Subscribe
Total
333 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-4692 | 2 Gnu, Redhat | 2 Grub2, Enterprise Linux | 2024-04-23 | N/A | 7.8 HIGH |
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. | |||||
CVE-2023-2789 | 1 Gnu | 1 Cflow | 2024-04-11 | 2.7 LOW | 7.5 HIGH |
A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2021-43396 | 2 Gnu, Oracle | 7 Glibc, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Function Cloud Native Environment and 4 more | 2024-04-11 | 5.0 MEDIUM | 7.5 HIGH |
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug. | |||||
CVE-2019-9192 | 1 Gnu | 1 Glibc | 2024-04-11 | 5.0 MEDIUM | 7.5 HIGH |
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern | |||||
CVE-2019-1010023 | 1 Gnu | 1 Glibc | 2024-04-11 | 6.8 MEDIUM | 8.8 HIGH |
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. | |||||
CVE-2017-8804 | 1 Gnu | 1 Glibc | 2024-04-11 | 7.8 HIGH | 7.5 HIGH |
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references | |||||
CVE-2024-0553 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Gnutls, Enterprise Linux | 2024-03-25 | N/A | 7.5 HIGH |
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981. | |||||
CVE-2024-0567 | 1 Gnu | 1 Gnutls | 2024-03-05 | N/A | 7.5 HIGH |
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. | |||||
CVE-2023-6779 | 2 Fedoraproject, Gnu | 2 Fedora, Glibc | 2024-02-27 | N/A | 7.5 HIGH |
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer. | |||||
CVE-2023-25584 | 1 Gnu | 1 Binutils | 2024-02-23 | N/A | 7.1 HIGH |
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. | |||||
CVE-2023-5156 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2024-02-23 | N/A | 7.5 HIGH |
A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. | |||||
CVE-2023-4911 | 3 Fedoraproject, Gnu, Redhat | 15 Fedora, Glibc, Codeready Linux Builder Eus and 12 more | 2024-02-22 | N/A | 7.8 HIGH |
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | |||||
CVE-2023-6246 | 2 Fedoraproject, Gnu | 2 Fedora, Glibc | 2024-02-16 | N/A | 7.8 HIGH |
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. | |||||
CVE-2023-29491 | 1 Gnu | 1 Ncurses | 2024-01-31 | N/A | 7.8 HIGH |
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | |||||
CVE-2022-28734 | 2 Gnu, Netapp | 2 Grub2, Active Iq Unified Manager | 2024-01-16 | N/A | 7.0 HIGH |
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata. | |||||
CVE-2023-26157 | 1 Gnu | 1 Libredwg | 2024-01-08 | N/A | 7.5 HIGH |
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c. | |||||
CVE-2023-40303 | 1 Gnu | 1 Inetutils | 2024-01-02 | N/A | 7.8 HIGH |
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. | |||||
CVE-2013-4412 | 3 Berlios, Debian, Gnu | 3 Slim, Debian Linux, Glibc | 2023-12-13 | 5.0 MEDIUM | 7.5 HIGH |
slim has NULL pointer dereference when using crypt() method from glibc 2.17 | |||||
CVE-2022-28736 | 1 Gnu | 1 Grub2 | 2023-12-10 | N/A | 7.8 HIGH |
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved. | |||||
CVE-2022-28733 | 1 Gnu | 1 Grub2 | 2023-12-10 | N/A | 8.1 HIGH |
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer. |