2668 matches found
Moderate: Red Hat Security Advisory: glibc security update
An update for glibc is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System...
Moderate: Red Hat Security Advisory: glibc security update
An update for glibc is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability...
glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width
A flaw was found in glibc GNU C Library. This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination c...
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak System
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak System version 2.3.6.1 and IBM Cloud Pak System version 2.3.5.1. Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for...
Astra Linux – Vulnerability in glibc
A out-of-bounds write vulnerability was discovered in glibc before version 2.31, when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution...
Astra Linux – Vulnerability in glibc
The iconv function in the GNU C Library versions 2.39 and earlier may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set. This could potentially cause an application to crash or overwrite a neighboring variable...
Astra Linux – Vulnerability in glibc
The deprecated compatibility function clntcreate in the sunrpc module of the GNU C Library also known as glibc from versions up to 2.34 copies its hostname argument onto the stack without validating its length. This may lead to a buffer overflow, potentially causing a denial of service or, if the...
Astra Linux – Vulnerability in glibc
The iconv function in the GNU C Library also known as glibc or libc6 version 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially leading to a denial of service...
Astra Linux – Vulnerability in gst-plugins-good1.0
DOS: Potential heap overwrite during MKV demuxing using LZO decompression. Integer overflow in the Matroskademux element within the LZO decompression function can cause a segfault, or potentially a heap overwrite, depending on the libc and operating system. Depending on the libc used and the...
Astra Linux – Vulnerability in glibc
The iconv function in the GNU C Library also known as glibc or libc6 versions 2.32 and earlier, when processing invalid multi-byte input sequences in encodings such as IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399, fails to advance the input state properly. This can lead to an infinite loop in...
Astra Linux – Vulnerability in glibc
The deprecated compatibility function svcunixcreate in the sunrpc module of the GNU C Library aka glibc from version 2.34 onwards copies the path argument onto the stack without validating its length. This may lead to a buffer overflow, potentially causing a denial of service or, if the applicati...
Astra Linux – Vulnerability in c-ares
c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and, if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files contains a NULL...
Astra Linux – Vulnerability in glibc
NSCD: Stack-based buffer overflow in netgroup cache If the fixed-size cache of the Name Service Cache Daemon nscd is exhausted due to client requests, then a subsequent client request for netgroup data may lead to a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cach...
Astra Linux – Vulnerability in glibc
The mqnotify function in the GNU C Library also known as glibc versions 2.32 and 2.33 has a use-after-free vulnerability. It may access the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, resulting in a denial of service...
Astra Linux – Vulnerability in glibc
The iconv feature in the GNU C Library also known as glibc or libc6, up to version 2.32, may have a buffer over-read issue when processing invalid multi-byte input sequences in the EUC-KR encoding...
Astra Linux – Vulnerability in glibc
Before version 2.32, the GNU C Library also known as glibc or libc6 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contained a non-canonical bit pattern. This issue was observed when passing a value of 0x5d414141414141410000 to the sinl...
Astra Linux – Vulnerability in glibc
The Name Service Cache Daemon’s nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. This flaw was introduced in glibc 2.15, when the cache was added to nscd. This vulnerability only exists in the nscd binary...
Astra Linux – Vulnerability in glibc
A flaw has been identified in glibc. In a rare situation, the gaihinet function may use memory that has already been freed, leading to an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with...
Astra Linux – Vulnerability in glibc
The iconv program in the GNU C Library also known as glibc or libc6 version 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, resulting in a...
Astra Linux – Vulnerability in gst-plugins-good1.0
DOS: Potential heap overwrite during MKV demuxing using Zlib decompression. Integer overflow occurs in the matroskademux element within the gstmatroskadecompressdata function, which can cause a segfault—or potentially a heap overwrite, depending on the libc and operating system. Depending on the...