rpm package
suse/glibc&distro=SUSE Linux Enterprise Server 12 SP5-LTSS
pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-5928 | High | 7.5 | | < 2.22-114.46.1 | 2.22-114.46.1 | Apr 20, 2026 | Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buf |
| CVE-2026-5450 | Critical | 9.8 | | < 2.22-114.46.1 | 2.22-114.46.1 | Apr 20, 2026 | Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow. |
| CVE-2026-4046 | High | 7.5 | | < 2.22-114.46.1 | 2.22-114.46.1 | Mar 30, 2026 | The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by rem |
| CVE-2025-15281 | — | | | < 2.22-114.43.1 | 2.22-114.43.1 | Jan 20, 2026 | Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process. |
| CVE-2026-0915 | — | | | < 2.22-114.43.1 | 2.22-114.43.1 | Jan 15, 2026 | Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver. |
| CVE-2025-8058 | Medium | — | | < 2.22-114.43.1 | 2.22-114.43.1 | Jul 23, 2025 | The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow b |
| CVE-2025-0395 | Medium | 6.2 | | < 2.22-114.40.1 | 2.22-114.40.1 | Jan 22, 2025 | When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. |