27 matches found
CVE-2026-5450
Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow...
CVE-2026-4438
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification...
CVE-2026-4437
CVE-2026-4437 concerns glibc’s DNS response parsing. According to the initial document, calling gethostbyaddr/gethostbyaddr_r with a configured nsswitch.conf DNS backend in GNU C Library versions 2.34–2.43 can yield a crafted DNS response that violates the DNS specification, causing the applicati...
EulerOS Virtualization 2.12.0 : glibc (EulerOS-SA-2026-1483)
According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version...
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2026-1483)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
EulerOS 2.0 SP13 : glibc (EulerOS-SA-2026-1236)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 m...
CVE-2026-0861 affecting package glibc for versions less than 2.38-18
CVE-2026-0861 affecting package glibc for versions less than 2.38-18. A patched version of the package is available...
CVE-2025-15281 affecting package glibc for versions less than 2.38-18
CVE-2025-15281 affecting package glibc for versions less than 2.38-18. A patched version of the package is available...
CVE-2025-0395 affecting package glibc for versions less than 2.35-8
CVE-2025-0395 affecting package glibc for versions less than 2.35-8. A patched version of the package is available...
CVE-2025-15281 wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process...
SUSE CVE-2026-0915
Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver...
CVE-2026-0861 Integer overflow in memalign leads to heap corruption
Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size a...
EUVD-2026-2441
Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc, valloc, pvalloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption...
CVE-2025-8058 affecting package glibc for versions less than 2.38-15
CVE-2025-8058 affecting package glibc for versions less than 2.38-15. A patched version of the package is available...
EUVD-2025-18586
Malicious code in bioql PyPI...
EulerOS 2.0 SP13 : glibc (EulerOS-SA-2025-1988)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of...
AZL-61877 CVE-2025-4802 affecting package glibc for versions less than 2.38-14
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...
DEBIAN-CVE-2025-4802
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...
PT-2024-3321
Name of the Vulnerable Software and Affected Versions: glibc versions 2.15 and later. Description: The Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, resulting in a null pointer dereference when a client request is made. This flaw was introduced in...