VYPR

rpm package

suse/glibc&distro=SUSE Linux Enterprise Server 15 SP5-LTSS

pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS

Vulnerabilities (9)

  • CVE-2026-5928HigApr 20, 2026
    affected < 2.31-150300.101.1fixed 2.31-150300.101.1

    Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buf

  • CVE-2026-5450CriApr 20, 2026
    affected < 2.31-150300.101.1fixed 2.31-150300.101.1

    Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

  • CVE-2026-4046HigMar 30, 2026
    affected < 2.31-150300.101.1fixed 2.31-150300.101.1

    The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by rem

  • CVE-2025-15281Jan 20, 2026
    affected < 2.31-150300.98.1fixed 2.31-150300.98.1

    Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

  • CVE-2026-0915Jan 15, 2026
    affected < 2.31-150300.98.1fixed 2.31-150300.98.1

    Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

  • CVE-2026-0861Jan 14, 2026
    affected < 2.31-150300.98.1fixed 2.31-150300.98.1

    Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control

  • CVE-2025-8058MedJul 23, 2025
    affected < 2.31-150300.98.1fixed 2.31-150300.98.1

    The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow b

  • CVE-2025-4802May 16, 2025
    affected < 2.31-150300.95.1fixed 2.31-150300.95.1

    Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or call

  • CVE-2025-0395MedJan 22, 2025
    affected < 2.31-150300.92.1fixed 2.31-150300.92.1

    When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.