Advisory ROSA-SA-2021-1844

2021-07-02 16:56:21
ROSA LAB
abf.rosalinux.ru
CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.074 Low
Percentile: 94.0%

Software: glibc 2.17
OS: Cobalt 7.9

CVE-ID: CVE-2014-4043
CVE-Crit: MEDIUM
CVE-DESC: The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument according to the POSIX specification, allowing context-dependent attackers to trigger use-after-free vulnerabilities.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-9761
CVE-Crit: CRITICAL
CVE-DESC: Multiple stack-based buffer overflows in the GNU C library (also known as glibc or libc6) prior to version 2.23 allow context-sensitive attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-9984
CVE-Crit: CRITICAL
CVE-DESC: nscd in the GNU C library (also known as glibc or libc6) prior to version 2.20 does not correctly calculate the internal buffer size when processing network group requests, which may cause the nscd daemon to crash or execute code on behalf of the user running nscd.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8777
CVE-Crit: MEDIUM
CVE-DESC: The process_envvars function in elf/rtld.c in the GNU C library (also known as glibc or libc6) prior to version 2.23 allows local users to bypass the pointer protection mechanism by setting the LD_POINTER_GUARD environment variable to a zero value.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8779
CVE-Crit: CRITICAL
CVE-DESC: A stack-based buffer overflow in the catopen function in the GNU C library (also known as glibc or libc6) prior to version 2.23 allows context-sensitive attackers to cause a denial of service (application crash) or possibly execute arbitrary code through a long directory name.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8982
CVE-Crit: HIGH
CVE-DESC: An integer overflow in the strxfrm function in the GNU C library (also known as glibc or libc6) prior to version 2.21 allows context-sensitive attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8983
CVE-Crit: HIGH
CVE-DESC: An integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C library (also known as glibc or libc6) prior to version 2.22 allows context-sensitive attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors associated with a byte size calculation, causing a heap-based buffer overflow.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8984
CVE-Crit: MEDIUM
CVE-DESC: The fnmatch function in the GNU C library (also known as glibc or libc6) prior to version 2.22 may allow context-sensitive attackers to cause a denial of service (application failure) using a garbled pattern that triggers a read outside of .
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8985
CVE-Crit: MEDIUM
CVE-DESC: The pop_fail_stack function in the GNU C library (also known as glibc or libc6) allows context-sensitive attackers to cause a denial of service (assertion failure and application failure) via vectors associated with extended regular expression processing.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-1234
CVE-Crit: HIGH
CVE-DESC: Stack-based buffer overflow in the glob implementation of the GNU C library (also known as glibc) prior to 2.24, when GLOB_ALTDIRFUNC is used, allows context-sensitive attackers to cause a denial of service (failure) using a long name.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-10228
CVE-Crit: MEDIUM
CVE-DESC: The iconv program in the GNU C library (also known as glibc or libc6) 2.31 and earlier, when called with multiple suffixes in the target encoding (TRANSLATE or IGNORE) along with the -c parameter, enters an infinite loop when processing invalid multibyte input sequences, leading to a denial of service.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-4429
CVE-Crit: MEDIUM
CVE-DESC: A stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C library (also known as glibc or libc6) allows remote servers to cause a denial of service (failure) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5417
CVE-Crit: HIGH
CVE-DESC: A memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in the GNU C library (also known as glibc or libc6) prior to version 2.24 allows remote attackers to cause a denial of service (memory consumption) by partially initializing the internal data structure of the resolver.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-6323
CVE-Crit: HIGH
CVE-DESC: The makecontext function in the GNU C library (also known as glibc or libc6) prior to version 2.25 creates execution contexts that are incompatible with the unwinder on ARM EABI (32-bit) platforms, which may allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-12132
CVE-Crit: MEDIUM
CVE-DESC: The DNS stub resolver in the GNU C library (also known as glibc or libc6) prior to version 2.26, when EDNS support is enabled, will request large UDP responses from name servers, potentially facilitating off-path DNS spoofing attacks due to IP fragmentation.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-12133
CVE-Crit: MEDIUM
CVE-DESC: A use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C library (also known as glibc or libc6) prior to version 2.26 allows remote attackers to have unspecified impact via vectors associated with error paths.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-15671
CVE-Crit: MEDIUM
CVE-DESC: The glob function in glob.c of the GNU C library (also known as glibc or libc6) before 2.27, when called with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-20796
CVE-Crit: HIGH
CVE-DESC: In the GNU C library (also known as glibc or libc6) before version 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has uncontrolled recursion, as shown by '(\ 227 |) (\\ 1 \ 1 | t1 | t1 | \\ \\ \ 2537) + ' in grep.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-19591
CVE-Crit: HIGH
CVE-DESC: In the GNU C library (also known as glibc or libc6) prior to version 2.28, attempting to resolve a crafted hostname using getaddrinfo() results in the allocation of a socket descriptor that is never closed. This is due to the if_nametoindex() function.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-6488
CVE-Crit: HIGH
CVE-DESC: A string component in the GNU C library (also known as glibc or libc6) prior to version 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly code, which may cause a segmentation fault or possibly an unspecified other impact, as evidenced by a failure in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during memcpy.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-7309
CVE-Crit: MEDIUM
CVE-DESC: In the GNU C library (also known as glibc or libc6) prior to version 2.29, the memcmp function for the x32 architecture may incorrectly return zero (indicating that the input data is equal) because the high bit of RDX is not properly handled.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-9169
CVE-Crit: CRITICAL
CVE-DESC: The GNU C library (also known as glibc or libc6) prior to version 2.29 has a heap-based buffer over-read in proceed_next_node in posix/regexec.c, triggered by an attempt to match a case-insensitive regular expression.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-1751
CVE-Crit: HIGH
CVE-DESC: An out-of-bounds write vulnerability was found in glibc before 2.31 in the handling of signal trampolines on PowerPC. Specifically, the backtrace function did not properly check array boundaries when storing the frame address, resulting in a denial of service or possible code execution. The biggest threat from this vulnerability is to system availability.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-1752
CVE-Crit: HIGH
CVE-DESC: A use-after-free vulnerability introduced in upstream glibc version 2.14 was discovered in the way tilde expansion is carried out. This issue affected directory paths containing an initial tilde followed by a valid username. A local attacker could exploit this vulnerability by creating a specially crafted path that, when processed by the glob function, could potentially lead to the execution of arbitrary code. This has been fixed in version 2.32.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-27618
CVE-Crit: MEDIUM
CVE-DESC: The iconv function in the GNU C library (also known as glibc or libc6) 2.32 and earlier fails to advance input state when processing invalid multibyte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, which can lead to an infinite loop in applications resulting in a denial of service, a vulnerability other than CVE-2016-10228.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-6096
CVE-Crit: HIGH
CVE-DESC: A signed comparison vulnerability exists in the ARMv7 implementation of memcpy() of GNU glibc 2.30.9000. Calling memcpy() (for ARMv7 targets using the GNU glibc implementation) with a negative value of the num parameter results in a signed comparison vulnerability. If an attacker underflows the num parameter of memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. In addition, this implementation of memcpy() allows program execution to continue in scenarios where a segmentation fault or crash should have occurred. The danger is that subsequent execution and iterations of this code will run with this corrupted data.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-3326
CVE-Crit: HIGH
CVE-DESC: The iconv function in the GNU C library (also known as glibc or libc6) 2.32 and earlier, when processing invalid ISO-2022-JP-3 encoded input sequences, fails an assertion in the code path and aborts the program, potentially causing a denial of service.
CVE-STATUS: default
CVE-REV: default

Affected package
OS: Cobalt
OS version: any
Architecture: noarch
Package: glibc
Package version: < 2.17
Filename: UNKNOWN