rpm package
suse/glibc&distro=SUSE OpenStack Cloud 7
pkg:rpm/suse/glibc&distro=SUSE%20OpenStack%20Cloud%207
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-10029 | — | < 2.22-113.4 | 2.22-113.4 | Mar 4, 2020 | The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is relat | ||
| CVE-2019-9169 | — | < 2.22-62.22.5 | 2.22-62.22.5 | Feb 26, 2019 | In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. | ||
| CVE-2009-5155 | — | < 2.22-62.22.5 | 2.22-62.22.5 | Feb 26, 2019 | In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. | ||
| CVE-2018-11237 | — | < 2.22-62.13.2 | 2.22-62.13.2 | May 18, 2018 | An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. | ||
| CVE-2018-11236 | — | < 2.22-62.13.2 | 2.22-62.13.2 | May 18, 2018 | stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitra | ||
| CVE-2017-18269 | — | < 2.22-62.13.2 | 2.22-62.13.2 | May 18, 2018 | An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address |
- CVE-2020-10029Mar 4, 2020affected < 2.22-113.4fixed 2.22-113.4
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is relat
- CVE-2019-9169Feb 26, 2019affected < 2.22-62.22.5fixed 2.22-62.22.5
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
- CVE-2009-5155Feb 26, 2019affected < 2.22-62.22.5fixed 2.22-62.22.5
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
- CVE-2018-11237May 18, 2018affected < 2.22-62.13.2fixed 2.22-62.13.2
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
- CVE-2018-11236May 18, 2018affected < 2.22-62.13.2fixed 2.22-62.13.2
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitra
- CVE-2017-18269May 18, 2018affected < 2.22-62.13.2fixed 2.22-62.13.2
An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address