rpm package
suse/glibc&distro=SUSE Linux Enterprise Server 12 SP1
pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-4429 | Med | 5.9 | < 2.19-38.2 | 2.19-38.2 | Jun 10, 2016 | Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. | |
| CVE-2016-3706 | Hig | 7.5 | < 2.19-38.2 | 2.19-38.2 | Jun 10, 2016 | Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an in | |
| CVE-2016-3075 | Hig | 7.5 | < 2.19-38.2 | 2.19-38.2 | Jun 1, 2016 | Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. | |
| CVE-2016-1234 | Hig | 7.5 | < 2.19-38.2 | 2.19-38.2 | Jun 1, 2016 | Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. | |
| CVE-2015-8779 | Cri | 9.8 | < 2.19-35.1 | 2.19-35.1 | Apr 19, 2016 | Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. | |
| CVE-2015-8778 | Cri | 9.8 | < 2.19-35.1 | 2.19-35.1 | Apr 19, 2016 | Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memor | |
| CVE-2015-8776 | Cri | 9.1 | < 2.19-35.1 | 2.19-35.1 | Apr 19, 2016 | The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. | |
| CVE-2014-9761 | Cri | 9.8 | < 2.19-35.1 | 2.19-35.1 | Apr 19, 2016 | Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. | |
| CVE-2015-7547 | Hig | 8.1 | < 2.19-35.1 | 2.19-35.1 | Feb 18, 2016 | Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS respo | |
| CVE-2015-8777 | Med | 5.5 | < 2.19-35.1 | 2.19-35.1 | Jan 20, 2016 | The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
- affected < 2.19-38.2fixed 2.19-38.2
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
- affected < 2.19-38.2fixed 2.19-38.2
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an in
- affected < 2.19-38.2fixed 2.19-38.2
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
- affected < 2.19-38.2fixed 2.19-38.2
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
- affected < 2.19-35.1fixed 2.19-35.1
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
- affected < 2.19-35.1fixed 2.19-35.1
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memor
- affected < 2.19-35.1fixed 2.19-35.1
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
- affected < 2.19-35.1fixed 2.19-35.1
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
- affected < 2.19-35.1fixed 2.19-35.1
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS respo
- affected < 2.19-35.1fixed 2.19-35.1
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.