Libc
by GNU
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40200 | | High | 0.53 | 8.1 | 0.00 | | Apr 10, 2026 | An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on… |
| CVE-2026-6042 | | Low | 0.21 | 3.3 | 0.00 | | Apr 10, 2026 | A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local… |
| CVE-1999-0041 | | | 0.04 | — | 0.09 | | Feb 13, 1997 | Buffer overflow in NLS (Natural Language Service). |
| CVE-1999-0767 | | | 0.03 | — | 0.01 | | Sep 8, 1999 | Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable. |
| CVE-2002-0029 | | | 0.01 | — | 0.10 | | Nov 29, 2002 | Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2)… |
| CVE-2019-14874 | | | 0.00 | — | 0.01 | | Mar 19, 2020 | In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer… |
| CVE-2019-14877 | | | 0.00 | — | 0.01 | | Mar 19, 2020 | In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null… |
| CVE-2019-14873 | | | 0.00 | — | 0.01 | | Mar 19, 2020 | In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug… |
| CVE-2012-1577 | | | 0.00 | — | 0.02 | | Dec 10, 2019 | lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. |
| CVE-2019-14697 | | | 0.00 | — | 0.03 | | Aug 6, 2019 | musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code. |
| CVE-2019-1010023 | | | 0.00 | — | 0.03 | | Jul 15, 2019 | GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute… |
| CVE-2019-1010022 | | | 0.00 | — | 0.03 | | Jul 15, 2019 | GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream… |