Medium: glibc

Issue Overview: stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary...

glibc: Buffer overflow in glob with GLOB_TILDE

The GNU C Library aka glibc or libc6 before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the operator followed by a long string...

glibc: Buffer overflow in glob with GLOB_TILDE

The GNU C Library aka glibc or libc6 before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the operator followed by a long string...

glibc: Buffer overflow during unescaping of user names with the ~ operator

The glob function in glob.c in the GNU C Library aka glibc or libc6 before 2.27 contains a buffer overflow during unescaping of user names with the operator...

openSUSE: Security Advisory for glibc (openSUSE-SU-2018:0089-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 27 : glibc (2017-0d3fdd3d1f)

This update adds support for the IBM858 codepage RHBZ1416405. It moves the nsscompat NSS service module to the main glibc package RHBZ1400538. As a security hardening measure, stdio streams are no longer flushed on process abort/assertion failure RHBZ1498880. /var/db/Makefile is now included in t...

EulerOS 2.0 SP1 : glibc (EulerOS-SA-2017-1267)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The GNU C Library aka glibc or libc6 before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in...

EulerOS 2.0 SP2 : glibc (EulerOS-SA-2017-1268)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The GNU C Library aka glibc or libc6 before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in...

GNU C Library 'glob' Function Buffer Overflow Vulnerability

The GNU C Library aka glibc, libc6 is an open-source, free C language compiler released under the LGPL license. A buffer overflow vulnerability exists in the 'glob' function of the glob.c file in versions of the GNU C Library prior to 2.27. A remote attacker could exploit this vulnerability to...

CVE-2017-15804

The glob function in glob.c in the GNU C Library aka glibc or libc6 before 2.27 contains a buffer overflow during unescaping of user names with the operator...

CVE-2017-7086

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "libc" component. It allows remote attackers to cause a denial of service resource consumption via a craft...

GNU C Library 'glob' function heap buffer overflow vulnerability

The GNU C Library a.k.a. glibc, libc6 is an open-source, free C language compiler released under the LGPL license. A heap buffer overflow vulnerability exists in the glob.c file 'glob' function in versions of GNU C Library prior to 2.27. A remote attacker could exploit this vulnerability to execu...

CVE-2017-15804

The glob function in glob.c in the GNU C Library aka glibc or libc6 before 2.27 contains a buffer overflow during unescaping of user names with the operator...

CVE-2017-15804

The glob function in glob.c in the GNU C Library aka glibc or libc6 before 2.27 contains a buffer overflow during unescaping of user names with the operator...

CVE-2017-15804

CVE-2017-15804 affects the GNU C Library (glibc) glob() implementation: a buffer overflow occurs during unescaping of user names with the ~ operator in glob.c, in glibc versions before 2.27. Multiple connected advisories (e.g., ALAS2-2018-1048, CESA/CentOS notes) confirm the issue and list glibc ...

UBUNTU-CVE-2017-15804

The glob function in glob.c in the GNU C Library aka glibc or libc6 before 2.27 contains a buffer overflow during unescaping of user names with the operator...

UBUNTU-CVE-2017-15671

The glob function in glob.c in the GNU C Library aka glibc or libc6 before 2.27, when invoked with GLOBTILDE, could skip freeing allocated memory when processing the operator with a long user name, potentially leading to a denial of service memory leak...

CVE-2017-15670

The GNU C Library aka glibc or libc6 before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the operator followed by a long string...

Memory corruption

The glob function in glob.c in the GNU C Library aka glibc or libc6 before 2.27, when invoked with GLOBTILDE, could skip freeing allocated memory when processing the operator with a long user name, potentially leading to a denial of service memory leak...

CVE-2017-15671

The glob function in glob.c in the GNU C Library aka glibc or libc6 before 2.27, when invoked with GLOBTILDE, could skip freeing allocated memory when processing the operator with a long user name, potentially leading to a denial of service memory leak...