Vulnerabilities (CVE)

Filtered by vendor Gnu Subscribe
Filtered by product Glibc
Total 131 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4051 1 Gnu 1 Glibc 2021-06-18 5.0 MEDIUM N/A
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
CVE-2019-1010022 1 Gnu 1 Glibc 2021-06-10 7.5 HIGH 9.8 CRITICAL
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
CVE-2020-29562 3 Fedoraproject, Gnu, Netapp 3 Fedora, Glibc, E-series Santricity Os Controller 2021-03-19 2.1 LOW 4.8 MEDIUM
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVE-2020-6096 2 Fedoraproject, Gnu 2 Fedora, Glibc 2021-03-04 6.8 MEDIUM 8.1 HIGH
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.
CVE-2016-10228 1 Gnu 1 Glibc 2021-02-25 4.3 MEDIUM 5.9 MEDIUM
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
CVE-2020-29573 2 Gnu, Redhat 2 Glibc, Enterprise Linux 2021-01-26 5.0 MEDIUM 7.5 HIGH
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.
CVE-1999-0199 1 Gnu 1 Glibc 2020-12-03 7.5 HIGH 9.8 CRITICAL
manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999.
CVE-2019-1010023 1 Gnu 1 Glibc 2020-11-16 6.8 MEDIUM 8.8 HIGH
** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
CVE-2019-1010024 1 Gnu 1 Glibc 2020-11-16 5.0 MEDIUM 5.3 MEDIUM
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
CVE-2019-1010025 1 Gnu 1 Glibc 2020-11-16 5.0 MEDIUM 5.3 MEDIUM
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."
CVE-2016-3706 2 Gnu, Opensuse 2 Glibc, Opensuse 2020-10-29 5.0 MEDIUM 7.5 HIGH
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
CVE-2017-1000366 8 Debian, Gnu, Mcafee and 5 more 20 Debian Linux, Glibc, Web Gateway and 17 more 2020-10-15 7.2 HIGH 7.8 HIGH
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
CVE-2017-16997 2 Gnu, Redhat 4 Glibc, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2020-10-15 9.3 HIGH 7.8 HIGH
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
CVE-2017-8804 1 Gnu 1 Glibc 2020-08-26 7.8 HIGH 7.5 HIGH
** DISPUTED ** The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references]
CVE-2018-6551 1 Gnu 1 Glibc 2020-08-24 7.5 HIGH 9.8 CRITICAL
The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.
CVE-2018-6485 4 Gnu, Netapp, Oracle and 1 more 15 Glibc, Cloud Backup, Data Ontap Edge and 12 more 2020-08-24 7.5 HIGH 9.8 CRITICAL
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
CVE-2019-9192 1 Gnu 1 Glibc 2020-08-24 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.
CVE-2018-11236 4 Gnu, Netapp, Oracle and 1 more 9 Glibc, Data Ontap Edge, Element Software Management and 6 more 2020-08-24 7.5 HIGH 9.8 CRITICAL
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
CVE-2018-11237 4 Gnu, Netapp, Oracle and 1 more 9 Glibc, Data Ontap Edge, Element Software Management and 6 more 2020-08-24 4.6 MEDIUM 7.8 HIGH
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
CVE-2019-7309 1 Gnu 1 Glibc 2020-08-24 2.1 LOW 5.5 MEDIUM
In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.