VYPR

libc6

by GNU

CVEs (10)

  • CVE-2017-15804 | Cri | Oct 22, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.

  • CVE-2017-17426 | Hig | Dec 5, 2017
    risk 0.53 | cvss 8.1 | epss 0.02

    The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread…

  • CVE-2015-8982 | Hig | Mar 15, 2017
    risk 0.53 | cvss 8.1 | epss 0.04

    Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

  • CVE-2016-5417 | Hig | Feb 17, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data…

  • CVE-2016-6323 | Hig | Oct 7, 2016
    risk 0.49 | cvss 7.5 | epss 0.04

    The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by…

  • CVE-2017-12133 | Med | Sep 7, 2017
    risk 0.39 | cvss 5.9 | epss 0.02

    Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.

  • CVE-2015-8985 | Med | Mar 20, 2017
    risk 0.39 | cvss 5.9 | epss 0.03

    The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.

  • CVE-2015-8984 | Med | Mar 20, 2017
    risk 0.39 | cvss 5.9 | epss 0.02

    The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.

  • CVE-2016-10228 | Med | Mar 2, 2017
    risk 0.39 | cvss 5.9 | epss 0.04

    The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a…

  • CVE-2017-15671 | Med | Oct 20, 2017
    risk 0.38 | cvss 5.9 | epss 0.01

    The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).