VYPR

Glibc

by GNU

Source repositories

CVEs (149)

  • CVE-2011-5320MedOct 18, 2017
    risk 0.40cvss 6.2epss 0.00

    scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.

  • CVE-2023-4806MedSep 18, 2023
    risk 0.39cvss 5.9epss 0.01

    A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and…

  • CVE-2017-12133MedSep 7, 2017
    risk 0.39cvss 5.9epss 0.02

    Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.

  • CVE-2017-12132MedAug 1, 2017
    risk 0.39cvss 5.9epss 0.02

    The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.

  • CVE-2015-8985MedMar 20, 2017
    risk 0.39cvss 5.9epss 0.03

    The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.

  • CVE-2015-8984MedMar 20, 2017
    risk 0.39cvss 5.9epss 0.02

    The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.

  • CVE-2016-10228MedMar 2, 2017
    risk 0.39cvss 5.9epss 0.04

    The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a…

  • CVE-2016-4429MedJun 10, 2016
    risk 0.39cvss 5.9epss 0.04

    Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.

  • CVE-2025-8058MedJul 23, 2025
    risk 0.38cvss epss 0.00

    The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow…

  • CVE-2024-33600MedMay 6, 2024
    risk 0.38cvss 5.9epss 0.01

    nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was…

  • CVE-2017-15671MedOct 20, 2017
    risk 0.38cvss 5.9epss 0.01

    The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).

  • CVE-2015-8777MedJan 20, 2016
    risk 0.36cvss 5.5epss 0.01

    The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.

  • CVE-2026-4438MedMar 20, 2026
    risk 0.35cvss 5.4epss 0.00

    Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

  • CVE-2023-6780MedJan 31, 2024
    risk 0.34cvss 5.3epss 0.03

    An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size…

  • CVE-2025-0577MedFeb 18, 2026
    risk 0.31cvss 4.8epss 0.00

    An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.

  • CVE-2015-0235Jan 28, 2015
    risk 0.11cvss epss 0.95

    Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

  • CVE-2010-4052Jan 13, 2011
    risk 0.07cvss epss 0.51

    Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent…

  • CVE-2010-4051Jan 13, 2011
    risk 0.06cvss epss 0.40

    The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the…

  • CVE-2011-2702Oct 27, 2014
    risk 0.04cvss epss 0.08

    Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2)…

  • CVE-2014-5119Aug 29, 2014
    risk 0.04cvss epss 0.18

    Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv…

Page 3 of 8