VYPR

Glibc

by GNU

Source repositories

CVEs (149)

  • CVE-2021-35942Jul 22, 2021
    risk 0.00cvss epss 0.03

    The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs…

  • CVE-2021-33574May 25, 2021
    risk 0.00cvss epss 0.03

    The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service…

  • CVE-2020-27618Feb 26, 2021
    risk 0.00cvss epss 0.01

    The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications,…

  • CVE-2021-27645Feb 24, 2021
    risk 0.00cvss epss 0.00

    The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to…

  • CVE-2021-3326Jan 27, 2021
    risk 0.00cvss epss 0.03

    The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

  • CVE-2019-25013Jan 4, 2021
    risk 0.00cvss epss 0.04

    The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

  • CVE-2020-29573Dec 5, 2020
    risk 0.00cvss epss 0.03

    sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a…

  • CVE-2020-29562Dec 4, 2020
    risk 0.00cvss epss 0.02

    The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

  • CVE-2020-6096Apr 1, 2020
    risk 0.00cvss epss 0.05

    An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison…

  • CVE-2020-10029Mar 4, 2020
    risk 0.00cvss epss 0.01

    The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is…

  • CVE-2019-19126Nov 19, 2019
    risk 0.00cvss epss 0.00

    On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries…

  • CVE-2019-1010025Jul 15, 2019
    risk 0.00cvss epss 0.02

    GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.

  • CVE-2019-1010024Jul 15, 2019
    risk 0.00cvss epss 0.03

    GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

  • CVE-2006-7254Apr 10, 2019
    risk 0.00cvss epss 0.00

    The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.

  • CVE-2005-3590Apr 10, 2019
    risk 0.00cvss epss 0.02

    The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.

  • CVE-2019-9192Feb 26, 2019
    risk 0.00cvss epss 0.02

    In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a…

  • CVE-2018-20796Feb 26, 2019
    risk 0.00cvss epss 0.06

    In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

  • CVE-2019-9169Feb 26, 2019
    risk 0.00cvss epss 0.05

    In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

  • CVE-2009-5155Feb 26, 2019
    risk 0.00cvss epss 0.04

    In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.

  • CVE-2019-7309Feb 3, 2019
    risk 0.00cvss epss 0.01

    In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

Page 5 of 8