UBUNTU-CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

Medium: gsl

Issue Overview: A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL GNU Scientific Library, versions 2.5 and 2.6. Processing a maliciously crafted input data for gslstatsquantilefromsorteddata of the library may lead to unexpected application...

glibc buffer error vulnerability

glibc GNU C Library is the C standard library implemented by the GNU Project. A buffer error vulnerability exists in glibc that stems from a buffer overflow vulnerability in the dynamically loaded program ld.so...

CVE-2023-4911

A buffer overflow was discovered in the GNU C Library’s dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

Ubuntu 22.04 LTS / 23.04 : GNU C Library vulnerabilities (USN-6409-1)

The remote Ubuntu 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6409-1 advisory. It was discovered that the GNU C Library incorrectly handled the GLIBCTUNABLES environment variable. An attacker could possibly use this issue to...

Heap BoF in trunc_string()

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the master branch as of 09/25 at commit 6ee7b521fa7531ef356ececc8be7575c3800f872 . Description Heap BoF in the file /src/message.c in the function truncstring at line 356. Snippet c bufe -...

Mageia: Security Advisory (MGASA-2023-0274)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CWE-476 leads to potential OOB Read

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the master branch as of 09/25 at commit f109bf93c9402e4e3122a7ae7846e6feae4fa222 . Description This AddressSanitizer output is indicating a OOB read that is semi-controllable, but is...

Updated indent package fixes security vulnerabilities

GNU indent 2.2.13 has a heap-based buffer overflow in searchbrace in indent.c via a crafted file. CVE-2023-40305 GNU indent 2.2.13 has a heap overread in lexi...

MGASA-2023-0274 Updated indent package fixes security vulnerabilities

GNU indent 2.2.13 has a heap-based buffer overflow in searchbrace in indent.c via a crafted file. CVE-2023-40305 GNU indent 2.2.13 has a heap overread in lexi...

PT-2023-36332 · Gnu · Gnu Indent

Name of the Vulnerable Software and Affected Versions: GNU indent version 2.2.13 Description: The issue is related to a heap-based buffer overflow in the search brace function in indent.c via a crafted file, as well as a heap overread in the lexi function. Recommendations: For GNU indent version...

GNU Binutils: Multiple Vulnerabilities

Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in GNU Binutils. Please review the CVE identifie...

GLSA-202309-15 : GNU Binutils: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202309-15 GNU Binutils: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in GNU Binutils. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gsl (SUSE-SU-2023:3858-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3858-1 advisory. - A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL GNU...

Fedora 38 : gdb (2023-d94be55511)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d94be55511 advisory. Security fix for CVE-2022-48064 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

Fedora 38 : emacs (2023-5763445abe)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5763445abe advisory. Upgrade to version 28.3-rc1, fixing CVE-2022-48337, CVE-2022-48338, CVE-2022-48339. Tenable has extracted the preceding description block directly...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : binutils (SUSE-SU-2023:3825-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3825-1 advisory. Update to version 2.41 jscPED-5778: The MIPS port now supports the Sony Interactive Entertainmen...

Glibc: dos due to memory leak in getaddrinfo.c

...

SUSE CVE-2023-5156

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash...

GNU C Library Memory Leak Vulnerability

GNU C Library is a C standard library implemented by the GNU project to provide underlying API support for the Linux system, encapsulating basic functions such as file operations, memory management, and process control. A memory leak vulnerability exists in GNU C Library, which can be exploited b...