rpm package
almalinux/glibc-langpack-rif
pkg:rpm/almalinux/glibc-langpack-rif
Vulnerabilities (6)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-5450 | Critical | 9.8 | | < 2.39-126.el10_2.alma.1 | 2.39-126.el10_2.alma.1 | Apr 20, 2026 | Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow. |
| CVE-2026-4046 | High | 7.5 | | < 2.39-124.el10_2.alma.1 | 2.39-124.el10_2.alma.1 | Mar 30, 2026 | The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by rem |
| CVE-2026-4438 | Medium | 5.4 | | < 2.39-121.el10_2.alma.1 | 2.39-121.el10_2.alma.1 | Mar 20, 2026 | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification. |
| CVE-2026-4437 | High | 7.5 | | < 2.39-121.el10_2.alma.1 | 2.39-121.el10_2.alma.1 | Mar 20, 2026 | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that c |
| CVE-2026-0915 | — | | | < 2.39-58.el10_1.7.alma.1 | 2.39-58.el10_1.7.alma.1 | Jan 15, 2026 | Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver. |
| CVE-2026-0861 | — | | | < 2.39-58.el10_1.7.alma.1 | 2.39-58.el10_1.7.alma.1 | Jan 14, 2026 | Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control |