rpm package
suse/glibc&distro=SUSE Linux Enterprise Server 16.0
pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-4438 | Med | 5.4 | < 2.40-160000.4.1 | 2.40-160000.4.1 | Mar 20, 2026 | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification. | |
| CVE-2026-4437 | Hig | 7.5 | < 2.40-160000.4.1 | 2.40-160000.4.1 | Mar 20, 2026 | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that c | |
| CVE-2025-15281 | — | < 2.40-160000.3.1 | 2.40-160000.3.1 | Jan 20, 2026 | Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process. | ||
| CVE-2026-0915 | — | < 2.40-160000.3.1 | 2.40-160000.3.1 | Jan 15, 2026 | Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver. | ||
| CVE-2026-0861 | — | < 2.40-160000.3.1 | 2.40-160000.3.1 | Jan 14, 2026 | Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control | ||
| CVE-2025-0395 | Med | 6.2 | < 2.40-160000.3.1 | 2.40-160000.3.1 | Jan 22, 2025 | When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. |
- affected < 2.40-160000.4.1fixed 2.40-160000.4.1
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.
- affected < 2.40-160000.4.1fixed 2.40-160000.4.1
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that c
- CVE-2025-15281Jan 20, 2026affected < 2.40-160000.3.1fixed 2.40-160000.3.1
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.
- CVE-2026-0915Jan 15, 2026affected < 2.40-160000.3.1fixed 2.40-160000.3.1
Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.
- CVE-2026-0861Jan 14, 2026affected < 2.40-160000.3.1fixed 2.40-160000.3.1
Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control
- affected < 2.40-160000.3.1fixed 2.40-160000.3.1
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.