| Source | Link |
|---|---|
| security-tracker | www.security-tracker.debian.org/tracker/source-package/glibc |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2025-15281 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2025-8058 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2026-0861 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2026-0915 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2026-4046 |
| packages | www.packages.debian.org/source/bullseye/glibc |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-4621. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
if (description)
{
script_id(319637);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/08");
script_cve_id(
"CVE-2025-8058",
"CVE-2025-15281",
"CVE-2026-0861",
"CVE-2026-0915",
"CVE-2026-4046"
);
script_xref(name:"IAVA", value:"2025-A-0549-S");
script_xref(name:"IAVA", value:"2026-A-0102");
script_name(english:"Debian dla-4621 : glibc-doc - security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
script_set_attribute(attribute:"description", value:
"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-4621 advisory.
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4621-1 [email protected]
https://www.debian.org/lts/security/ Arnaud Rebillout
June 08, 2026 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : glibc
Version : 2.31-13+deb11u14
CVE ID : CVE-2025-8058 CVE-2025-15281 CVE-2026-0861 CVE-2026-0915
CVE-2026-4046
Debian Bug : 1109803 1125678 1125748 1126266 1132499
Several vulnerabilities have been discovered in the GNU C Library, the C
standard library implementation used by Debian.
CVE-2025-8058
posix: Fix double-free after allocation failure in regcomp
The regcomp function in the GNU C library version from 2.4 to 2.41 is
subject to a double free if some previous allocation fails. It can be
accomplished either by a malloc failure or by using an interposed
malloc that injects random malloc failures. The double free can allow
buffer manipulation depending of how the regex is constructed. This
issue affects all architectures and ABIs supported by the GNU C
library.
CVE-2025-15281
posix: Reset wordexp_t fields with WRDE_REUSE
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the
GNU C Library version 2.0 to version 2.42 may cause the interface to
return uninitialized memory in the we_wordv member, which on
subsequent calls to wordfree may abort the process.
CVE-2026-0861
memalign: reinstate alignment overflow check
Passing too large an alignment to the memalign suite of functions
(memalign, posix_memalign, aligned_alloc) in the GNU C Library version
2.30 to 2.42 may result in an integer overflow, which could
consequently result in a heap corruption. Note that the attacker must
have control over both, the size as well as the alignment arguments of
the memalign function to be able to exploit this. The size parameter
must be close enough to PTRDIFF_MAX so as to overflow size_t along
with the large alignment argument. This limits the malicious inputs
for the alignment for memalign to the range [1<<62+ 1, 1<<63] and
exactly 1<<63 for posix_memalign and aligned_alloc. Typically the
alignment argument passed to such functions is a known constrained
quantity (e.g. page size, block size, struct sizes) and is not
attacker controlled, because of which this may not be easily
exploitable in practice. An application bug could potentially result
in the input alignment being too large, e.g. due to a different buffer
overflow or integer overflow in the application or its dependent
libraries, but that is again an uncommon usage pattern given typical
sources of alignments.
CVE-2026-0915
resolv: Fix NSS DNS backend for getnetbyaddr
Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf
that specifies the library's DNS backend for networks and queries for
a zero-valued network in the GNU C Library version 2.0 to version 2.42
can leak stack contents to the configured DNS resolver.
CVE-2026-4046
iconvdata: Use pending character state in IBM1390, IBM1399 character sets
The iconv() function in the GNU C Library versions 2.43 and earlier
may crash due to an assertion failure when converting inputs from the
IBM1390 or IBM1399 character sets, which may be used to remotely crash
an application. This vulnerability can be trivially mitigated by
removing the IBM1390 and IBM1399 character sets from systems that do
not need them.
For Debian 11 bullseye, these problems have been fixed in version
2.31-13+deb11u14.
We recommend that you upgrade your glibc packages.
For the detailed security status of glibc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/glibc
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Tenable has extracted the preceding description block directly from the Debian security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/glibc");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-15281");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-8058");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-0861");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-0915");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-4046");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/glibc");
script_set_attribute(attribute:"solution", value:
"Upgrade the glibc-doc packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-0915");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-0861");
script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2025-8058");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/03/11");
script_set_attribute(attribute:"patch_publication_date", value:"2026/06/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/08");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:glibc-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:glibc-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-bin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-dev-bin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-devtools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-l10n");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-i386");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-x32");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-i386");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-udeb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-x32");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:locales");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:locales-all");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nscd");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);
var pkgs = [
{'release': '11.0', 'prefix': 'glibc-doc', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'glibc-source', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'libc-bin', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'libc-dev-bin', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'libc-devtools', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'libc-l10n', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'libc6', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'libc6-amd64', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'libc6-dbg', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'libc6-dev', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'libc6-dev-amd64', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'libc6-dev-i386', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'libc6-dev-x32', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'libc6-i386', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'libc6-udeb', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'libc6-x32', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'libc6-xen', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'locales', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'locales-all', 'reference': '2.31-13+deb11u14'},
{'release': '11.0', 'prefix': 'nscd', 'reference': '2.31-13+deb11u14'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var _release = NULL;
var prefix = NULL;
var reference = NULL;
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (_release && prefix && reference) {
if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : deb_report_get()
);
exit(0);
}
else
{
var tested = deb_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc-doc / glibc-source / libc-bin / libc-dev-bin / libc-devtools / etc');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation