VYPR

rpm package

almalinux/glibc-langpack-bs

pkg:rpm/almalinux/glibc-langpack-bs

Vulnerabilities (16)

  • CVE-2025-15281Jan 20, 2026
    affected < 2.34-231.el9_7.10fixed 2.34-231.el9_7.10

    Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

  • CVE-2026-0915Jan 15, 2026
    affected < 2.39-58.el10_1.7.alma.1fixed 2.39-58.el10_1.7.alma.1

    Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

  • CVE-2026-0861Jan 14, 2026
    affected < 2.39-58.el10_1.7.alma.1fixed 2.39-58.el10_1.7.alma.1

    Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control

  • CVE-2025-8058MedJul 23, 2025
    affected < 2.28-251.el8_10.25fixed 2.28-251.el8_10.25

    The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow b

  • CVE-2025-5702Jun 5, 2025
    affected < 2.34-168.el9_6.20fixed 2.34-168.el9_6.20

    The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in ove

  • CVE-2025-4802May 16, 2025
    affected < 2.34-168.el9_6.19fixed 2.34-168.el9_6.19

    Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or call

  • CVE-2025-0395MedJan 22, 2025
    affected < 2.28-251.el8_10.16fixed 2.28-251.el8_10.16

    When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

  • CVE-2024-33602HigMay 6, 2024
    affected < 2.34-100.el9_4.2fixed 2.34-100.el9_4.2

    nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to ns

  • CVE-2024-33601HigMay 6, 2024
    affected < 2.34-100.el9_4.2fixed 2.34-100.el9_4.2

    nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients.

  • CVE-2024-33600MedMay 6, 2024
    affected < 2.34-100.el9_4.2fixed 2.34-100.el9_4.2

    nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was add

  • CVE-2024-33599HigMay 6, 2024
    affected < 2.34-100.el9_4.2fixed 2.34-100.el9_4.2

    nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15

  • CVE-2024-2961HigApr 17, 2024
    affected < 2.28-236.el8_9.13fixed 2.28-236.el8_9.13

    The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

  • CVE-2023-4911HigKEVOct 3, 2023
    affected < 2.34-60.el9_2.7fixed 2.34-60.el9_2.7

    A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permiss

  • CVE-2023-4806MedSep 18, 2023
    affected < 2.34-60.el9_2.7fixed 2.34-60.el9_2.7

    A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanon

  • CVE-2023-4527MedSep 18, 2023
    affected < 2.34-60.el9_2.7fixed 2.34-60.el9_2.7

    A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function ret

  • CVE-2023-4813Sep 12, 2023
    affected < 2.34-60.el9_2.7fixed 2.34-60.el9_2.7

    A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is conf