glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

A flaw was found in glibc. When the wordexp function is called with the flags WRDEREUSE and WRDEAPPEND, it may return uninitialized memory. If the caller inspects the wewordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of servic...

glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

A flaw was found in glibc. When the wordexp function is called with the flags WRDEREUSE and WRDEAPPEND, it may return uninitialized memory. If the caller inspects the wewordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of servic...

OESA-2026-1265 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

...

CVE-2025-15281

Calling wordexp with WRDEREUSE in conjunction with WRDEAPPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the wewordv member, which on subsequent calls to wordfree may abort the process...

PT-2026-3558

Name of the Vulnerable Software and Affected Versions GNU C Library versions 2.0 through 2.42 Description Using the wordexp function with WRDE REUSE and WRDE APPEND together in the GNU C Library can lead to the function returning uninitialized memory in the we wordv member. Subsequent calls to...

SUSE CVE-2008-4554

The dosplicefrom function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the OAPPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file...

kernel: don't allow splice() to files opened with O_APPEND

The dosplicefrom function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the OAPPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file...

CVE-2008-4554

The dosplicefrom function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the OAPPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file...