rpm package
suse/glibc&distro=SUSE Linux Enterprise Module for Basesystem 15 SP6
pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-8058 | Med | — | < 2.38-150600.14.37.1 | 2.38-150600.14.37.1 | Jul 23, 2025 | The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow b | |
| CVE-2025-4802 | — | < 2.38-150600.14.32.1 | 2.38-150600.14.32.1 | May 16, 2025 | Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or call | ||
| CVE-2025-0395 | Med | 6.2 | < 2.38-150600.14.23.1 | 2.38-150600.14.23.1 | Jan 22, 2025 | When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. |
- affected < 2.38-150600.14.37.1fixed 2.38-150600.14.37.1
The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow b
- CVE-2025-4802May 16, 2025affected < 2.38-150600.14.32.1fixed 2.38-150600.14.32.1
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or call
- affected < 2.38-150600.14.23.1fixed 2.38-150600.14.23.1
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.