VYPR

Glibc

by GNU

Source repositories

CVEs (149)

  • CVE-2023-4911HigKEVOct 3, 2023
    risk 0.71cvss 7.8epss 0.81

    A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID…

  • CVE-2026-5450CriApr 20, 2026
    risk 0.64cvss 9.8epss 0.00

    Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

  • CVE-2018-11236CriMay 18, 2018
    risk 0.64cvss 9.8epss 0.07

    stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially,…

  • CVE-2017-18269CriMay 18, 2018
    risk 0.64cvss 9.8epss 0.05

    An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address…

  • CVE-2017-15804CriOct 22, 2017
    risk 0.64cvss 9.8epss 0.03

    The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.

  • CVE-2017-15670CriOct 20, 2017
    risk 0.64cvss 9.8epss 0.03

    The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.

  • CVE-2014-9984CriJun 12, 2017
    risk 0.64cvss 9.8epss 0.04

    nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.

  • CVE-2015-8779CriApr 19, 2016
    risk 0.64cvss 9.8epss 0.06

    Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

  • CVE-2015-8778CriApr 19, 2016
    risk 0.64cvss 9.8epss 0.06

    Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds…

  • CVE-2014-9761CriApr 19, 2016
    risk 0.64cvss 9.8epss 0.06

    Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

  • CVE-2015-7547HigFeb 18, 2016
    risk 0.63cvss 8.1epss 0.90

    Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS…

  • CVE-2015-8776CriApr 19, 2016
    risk 0.60cvss 9.1epss 0.05

    The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

  • CVE-2024-2961HigApr 17, 2024
    risk 0.58cvss 7.3epss 0.88

    The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

  • CVE-2023-6246HigJan 31, 2024
    risk 0.57cvss 8.4epss 0.05

    A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program…

  • CVE-2018-1000001HigJan 31, 2018
    risk 0.55cvss 7.8epss 0.14

    In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

  • CVE-2017-1000366HigJun 19, 2017
    risk 0.54cvss 7.8epss 0.03

    glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent…

  • CVE-2024-33599HigMay 6, 2024
    risk 0.53cvss 8.1epss 0.01

    nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15…

  • CVE-2023-6779HigJan 31, 2024
    risk 0.53cvss 8.2epss 0.03

    An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an…

  • CVE-2017-17426HigDec 5, 2017
    risk 0.53cvss 8.1epss 0.02

    The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread…

  • CVE-2015-8983HigMar 20, 2017
    risk 0.53cvss 8.1epss 0.04

    Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a…

Page 1 of 8