VYPR

rpm package

suse/glibc&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Vulnerabilities (7)

  • CVE-2026-5928 | High | Apr 20, 2026
    affected < 2.22-114.46.1, fixed 2.22-114.46.1

    Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buf

  • CVE-2026-5450 | Critical | Apr 20, 2026
    affected < 2.22-114.46.1, fixed 2.22-114.46.1

    Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

  • CVE-2026-4046 | High | Mar 30, 2026
    affected < 2.22-114.46.1, fixed 2.22-114.46.1

    The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by rem

  • CVE-2025-15281 | Jan 20, 2026
    affected < 2.22-114.43.1, fixed 2.22-114.43.1

    Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

  • CVE-2026-0915 | Jan 15, 2026
    affected < 2.22-114.43.1, fixed 2.22-114.43.1

    Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

  • CVE-2025-8058 | Medium | Jul 23, 2025
    affected < 2.22-114.43.1, fixed 2.22-114.43.1

    The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow b

  • CVE-2025-0395 | Medium | Jan 22, 2025
    affected < 2.22-114.40.1, fixed 2.22-114.40.1

    When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.