Vendor CVEs
GNU
All CVEs
1,137 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15267 | Hig | 0.49 | 7.5 | 0.03 | Oct 11, 2017 | In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. | ||
| CVE-2017-13728 | Hig | 0.49 | 7.5 | 0.04 | Aug 29, 2017 | There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. | ||
| CVE-2016-0634 | Hig | 0.49 | 7.5 | 0.06 | Aug 28, 2017 | The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. | ||
| CVE-2014-9483 | Hig | 0.49 | 7.5 | 0.03 | Aug 28, 2017 | Emacs 24.4 allows remote attackers to bypass security restrictions. | ||
| CVE-2017-13710 | Hig | 0.49 | 7.5 | 0.03 | Aug 27, 2017 | The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small. | ||
| CVE-2017-12836 | Hig | 0.49 | 7.5 | 0.06 | Aug 24, 2017 | CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." | ||
| CVE-2017-12961 | Hig | 0.49 | 7.5 | 0.01 | Aug 18, 2017 | There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. | ||
| CVE-2017-12960 | Hig | 0.49 | 7.5 | 0.01 | Aug 18, 2017 | There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. | ||
| CVE-2017-12959 | Hig | 0.49 | 7.5 | 0.01 | Aug 18, 2017 | There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack. | ||
| CVE-2017-12958 | Hig | 0.49 | 7.5 | 0.01 | Aug 18, 2017 | There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. | ||
| CVE-2016-4456 | Hig | 0.49 | 7.5 | 0.02 | Aug 8, 2017 | The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. | ||
| CVE-2017-11113 | Hig | 0.49 | 7.5 | 0.02 | Jul 8, 2017 | In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. | ||
| CVE-2017-11112 | Hig | 0.49 | 7.5 | 0.02 | Jul 8, 2017 | In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. | ||
| CVE-2017-10790 | Hig | 0.49 | 7.5 | 0.05 | Jul 2, 2017 | The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. | ||
| CVE-2015-5180 | Hig | 0.49 | 7.5 | 0.06 | Jun 27, 2017 | res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). | ||
| CVE-2017-7507 | Hig | 0.49 | 7.5 | 0.03 | Jun 16, 2017 | GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. | ||
| CVE-2017-8804 | Hig | 0.49 | 7.5 | 0.08 | May 7, 2017 | The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used)… | ||
| CVE-2017-8398 | Hig | 0.49 | 7.5 | 0.02 | May 1, 2017 | dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash. | ||
| CVE-2017-8397 | Hig | 0.49 | 7.5 | 0.02 | May 1, 2017 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes… | ||
| CVE-2017-8396 | Hig | 0.49 | 7.5 | 0.02 | May 1, 2017 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability… | ||
| CVE-2017-8395 | Hig | 0.49 | 7.5 | 0.02 | May 1, 2017 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents… | ||
| CVE-2017-8394 | Hig | 0.49 | 7.5 | 0.02 | May 1, 2017 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs… | ||
| CVE-2017-8393 | Hig | 0.49 | 7.5 | 0.02 | May 1, 2017 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a… | ||
| CVE-2017-8392 | Hig | 0.49 | 7.5 | 0.01 | May 1, 2017 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes… | ||
| CVE-2016-10091 | Hig | 0.49 | 7.5 | 0.03 | Apr 21, 2017 | Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function. | ||
| CVE-2017-7869 | Hig | 0.49 | 7.5 | 0.03 | Apr 14, 2017 | GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. | ||
| CVE-2017-7853 | Hig | 0.49 | 7.5 | 0.02 | Apr 13, 2017 | In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS. | ||
| CVE-2016-10326 | Hig | 0.49 | 7.5 | 0.01 | Apr 13, 2017 | In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS. | ||
| CVE-2016-10325 | Hig | 0.49 | 7.5 | 0.01 | Apr 13, 2017 | In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS. | ||
| CVE-2017-7304 | Hig | 0.49 | 7.5 | 0.02 | Mar 29, 2017 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This… | ||
| CVE-2017-7303 | Hig | 0.49 | 7.5 | 0.02 | Mar 29, 2017 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils… | ||
| CVE-2017-7302 | Hig | 0.49 | 7.5 | 0.02 | Mar 29, 2017 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability… | ||
| CVE-2017-7301 | Hig | 0.49 | 7.5 | 0.02 | Mar 29, 2017 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU… | ||
| CVE-2017-7300 | Hig | 0.49 | 7.5 | 0.02 | Mar 29, 2017 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while… | ||
| CVE-2017-5335 | Hig | 0.49 | 7.5 | 0.08 | Mar 24, 2017 | The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. | ||
| CVE-2017-7227 | Hig | 0.49 | 7.5 | 0.03 | Mar 22, 2017 | GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l. | ||
| CVE-2017-7225 | Hig | 0.49 | 7.5 | 0.02 | Mar 22, 2017 | The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. | ||
| CVE-2017-7223 | Hig | 0.49 | 7.5 | 0.02 | Mar 22, 2017 | GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. | ||
| CVE-2017-5357 | Hig | 0.49 | 7.5 | 0.03 | Feb 17, 2017 | regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free. | ||
| CVE-2016-5417 | Hig | 0.49 | 7.5 | 0.03 | Feb 17, 2017 | Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data… | ||
| CVE-2016-6131 | Hig | 0.49 | 7.5 | 0.05 | Feb 7, 2017 | The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. | ||
| CVE-2016-6287 | Hig | 0.49 | 7.5 | 0.01 | Jan 10, 2017 | The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all… | ||
| CVE-2016-6323 | Hig | 0.49 | 7.5 | 0.04 | Oct 7, 2016 | The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by… | ||
| CVE-2016-6263 | Hig | 0.49 | 7.5 | 0.04 | Sep 7, 2016 | The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data. | ||
| CVE-2016-6262 | Hig | 0.49 | 7.5 | 0.07 | Sep 7, 2016 | idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948. | ||
| CVE-2016-6261 | Hig | 0.49 | 7.5 | 0.04 | Sep 7, 2016 | The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. | ||
| CVE-2016-3706 | Hig | 0.49 | 7.5 | 0.06 | Jun 10, 2016 | Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an… | ||
| CVE-2016-3075 | Hig | 0.49 | 7.5 | 0.07 | Jun 1, 2016 | Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. | ||
| CVE-2016-1234 | Hig | 0.49 | 7.5 | 0.05 | Jun 1, 2016 | Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. | ||
| CVE-2024-33602 | Hig | 0.48 | 7.4 | 0.00 | May 6, 2024 | nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to… |
- risk 0.49cvss 7.5epss 0.03
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.
- risk 0.49cvss 7.5epss 0.04
There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.
- risk 0.49cvss 7.5epss 0.06
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.
- risk 0.49cvss 7.5epss 0.03
Emacs 24.4 allows remote attackers to bypass security restrictions.
- risk 0.49cvss 7.5epss 0.03
The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.
- risk 0.49cvss 7.5epss 0.06
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."
- risk 0.49cvss 7.5epss 0.01
There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
- risk 0.49cvss 7.5epss 0.01
There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
- risk 0.49cvss 7.5epss 0.01
There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.
- risk 0.49cvss 7.5epss 0.01
There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
- risk 0.49cvss 7.5epss 0.02
The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.
- risk 0.49cvss 7.5epss 0.02
In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
- risk 0.49cvss 7.5epss 0.02
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
- risk 0.49cvss 7.5epss 0.05
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
- risk 0.49cvss 7.5epss 0.06
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
- risk 0.49cvss 7.5epss 0.03
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
- risk 0.49cvss 7.5epss 0.08
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used)…
- risk 0.49cvss 7.5epss 0.02
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.
- risk 0.49cvss 7.5epss 0.02
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes…
- risk 0.49cvss 7.5epss 0.02
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability…
- risk 0.49cvss 7.5epss 0.02
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents…
- risk 0.49cvss 7.5epss 0.02
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs…
- risk 0.49cvss 7.5epss 0.02
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a…
- risk 0.49cvss 7.5epss 0.01
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes…
- risk 0.49cvss 7.5epss 0.03
Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function.
- risk 0.49cvss 7.5epss 0.03
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
- risk 0.49cvss 7.5epss 0.02
In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.
- risk 0.49cvss 7.5epss 0.01
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS.
- risk 0.49cvss 7.5epss 0.01
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS.
- risk 0.49cvss 7.5epss 0.02
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This…
- risk 0.49cvss 7.5epss 0.02
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils…
- risk 0.49cvss 7.5epss 0.02
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability…
- risk 0.49cvss 7.5epss 0.02
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU…
- risk 0.49cvss 7.5epss 0.02
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while…
- risk 0.49cvss 7.5epss 0.08
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
- risk 0.49cvss 7.5epss 0.03
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.
- risk 0.49cvss 7.5epss 0.02
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
- risk 0.49cvss 7.5epss 0.02
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
- risk 0.49cvss 7.5epss 0.03
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.
- risk 0.49cvss 7.5epss 0.03
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data…
- risk 0.49cvss 7.5epss 0.05
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.
- risk 0.49cvss 7.5epss 0.01
The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all…
- risk 0.49cvss 7.5epss 0.04
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by…
- risk 0.49cvss 7.5epss 0.04
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
- risk 0.49cvss 7.5epss 0.07
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
- risk 0.49cvss 7.5epss 0.04
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
- risk 0.49cvss 7.5epss 0.06
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an…
- risk 0.49cvss 7.5epss 0.07
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
- risk 0.49cvss 7.5epss 0.05
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
- risk 0.48cvss 7.4epss 0.00
nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to…
Page 4 of 23