rpm package
suse/glibc&distro=SUSE Linux Enterprise Server 15 SP2-BCL
pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3999 | — | < 2.26-13.65.1 | 2.26-13.65.1 | Aug 24, 2022 | A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to pote | ||
| CVE-2022-23219 | — | < 2.26-13.65.1 | 2.26-13.65.1 | Jan 14, 2022 | The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if | ||
| CVE-2022-23218 | — | < 2.26-13.65.1 | 2.26-13.65.1 | Jan 14, 2022 | The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if | ||
| CVE-2015-8985 | Med | 5.9 | < 2.26-13.65.1 | 2.26-13.65.1 | Mar 20, 2017 | The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. |
- CVE-2021-3999Aug 24, 2022affected < 2.26-13.65.1fixed 2.26-13.65.1
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to pote
- CVE-2022-23219Jan 14, 2022affected < 2.26-13.65.1fixed 2.26-13.65.1
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if
- CVE-2022-23218Jan 14, 2022affected < 2.26-13.65.1fixed 2.26-13.65.1
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if
- affected < 2.26-13.65.1fixed 2.26-13.65.1
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.