VYPR

rpm package

suse/glibc&distro=SUSE Linux Enterprise Server 16.0

pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2016.0

Vulnerabilities (6)

  • CVE-2026-4438MedMar 20, 2026
    affected < 2.40-160000.4.1fixed 2.40-160000.4.1

    Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

  • CVE-2026-4437HigMar 20, 2026
    affected < 2.40-160000.4.1fixed 2.40-160000.4.1

    Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that c

  • CVE-2025-15281Jan 20, 2026
    affected < 2.40-160000.3.1fixed 2.40-160000.3.1

    Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

  • CVE-2026-0915Jan 15, 2026
    affected < 2.40-160000.3.1fixed 2.40-160000.3.1

    Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

  • CVE-2026-0861Jan 14, 2026
    affected < 2.40-160000.3.1fixed 2.40-160000.3.1

    Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control

  • CVE-2025-0395MedJan 22, 2025
    affected < 2.40-160000.3.1fixed 2.40-160000.3.1

    When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.