VYPR

rpm package

suse/glibc&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1

pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Vulnerabilities (17)

  • CVE-2018-11236May 18, 2018
    affected < 2.19-40.16.950fixed 2.19-40.16.950

    stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitra

  • CVE-2018-1000001Jan 31, 2018
    affected < 2.19-40.9.5fixed 2.19-40.9.5

    In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

  • CVE-2017-15804CriOct 22, 2017
    affected < 2.19-40.16.950fixed 2.19-40.16.950

    The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.

  • CVE-2017-15671MedOct 20, 2017
    affected < 2.19-40.16.950fixed 2.19-40.16.950

    The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).

  • CVE-2017-15670CriOct 20, 2017
    affected < 2.19-40.16.950fixed 2.19-40.16.950

    The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.

  • CVE-2017-12132MedAug 1, 2017
    affected < 2.19-40.16.950fixed 2.19-40.16.950

    The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.

  • CVE-2017-1000366HigJun 19, 2017
    affected < 2.19-40.6.1fixed 2.19-40.6.1

    glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulatio

  • CVE-2016-4429MedJun 10, 2016
    affected < 2.19-38.2fixed 2.19-38.2

    Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.

  • CVE-2016-3706HigJun 10, 2016
    affected < 2.19-38.2fixed 2.19-38.2

    Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an in

  • CVE-2016-3075HigJun 1, 2016
    affected < 2.19-38.2fixed 2.19-38.2

    Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

  • CVE-2016-1234HigJun 1, 2016
    affected < 2.19-38.2fixed 2.19-38.2

    Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.

  • CVE-2015-8779CriApr 19, 2016
    affected < 2.19-35.1fixed 2.19-35.1

    Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

  • CVE-2015-8778CriApr 19, 2016
    affected < 2.19-35.1fixed 2.19-35.1

    Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memor

  • CVE-2015-8776CriApr 19, 2016
    affected < 2.19-35.1fixed 2.19-35.1

    The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

  • CVE-2014-9761CriApr 19, 2016
    affected < 2.19-35.1fixed 2.19-35.1

    Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

  • CVE-2015-7547HigFeb 18, 2016
    affected < 2.19-35.1fixed 2.19-35.1

    Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS respo

  • CVE-2015-8777MedJan 20, 2016
    affected < 2.19-35.1fixed 2.19-35.1

    The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.