VYPR

apk package

chainguard/posix-libc-utils-bin

pkg:apk/chainguard/posix-libc-utils-bin

Vulnerabilities (7)

  • CVE-2026-6238MedApr 28, 2026
    affected < 0fixed 0

    The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS resp

  • CVE-2026-5435HigApr 28, 2026
    affected < 0fixed 0

    The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.

  • CVE-2026-5450CriApr 20, 2026
    affected < 2.43-r7fixed 2.43-r7

    Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

  • CVE-2026-5358Apr 20, 2026
    affected < 0fixed 0

    Rejected reason: REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered that no NIS+ client or server was ever released for any Linux-based OS distributions and as such this makes the API provisional and unused. Secondly it has been discovered that t

  • CVE-2026-4046HigMar 30, 2026
    affected < 2.43-r6fixed 2.43-r6

    The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by rem

  • CVE-2026-4438MedMar 20, 2026
    affected < 2.43-r4fixed 2.43-r4

    Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

  • CVE-2026-4437HigMar 20, 2026
    affected < 2.43-r4fixed 2.43-r4

    Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that c