rpm package
suse/glibc&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3
pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-15670 | Cri | 9.8 | < 2.22-62.3.4 | 2.22-62.3.4 | Oct 20, 2017 | The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. | |
| CVE-2017-12133 | Med | 5.9 | < 2.22-62.10.1 | 2.22-62.10.1 | Sep 7, 2017 | Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path. | |
| CVE-2017-12132 | Med | 5.9 | < 2.22-62.6.2 | 2.22-62.6.2 | Aug 1, 2017 | The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. | |
| CVE-2017-8804 | Hig | 7.5 | < 2.22-62.6.2 | 2.22-62.6.2 | May 7, 2017 | The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) v |
- affected < 2.22-62.3.4fixed 2.22-62.3.4
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
- affected < 2.22-62.10.1fixed 2.22-62.10.1
Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.
- affected < 2.22-62.6.2fixed 2.22-62.6.2
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
- affected < 2.22-62.6.2fixed 2.22-62.6.2
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) v
Page 2 of 2