CVE-2023-0687

A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246...

CVE-2023-0687

CVE-2023-0687 affects GNU C Library (glibc) 2.38, specifically the __monstartup function in gmon.c of the Call Graph Monitor component. The issue enables a buffer overflow when handling an overly long input argument, with inputs described as addresses of the running application built with gmon en...

GNU C Library 安全漏洞

The GNU C Library glibc, libc6 is an open source, free C language compiler released under the LGPL license. A security vulnerability exists in GNU C Library version 2.38. An attacker has exploited the vulnerability to cause a buffer overflow...

CVE-2023-0687

A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246...

PT-2023-1376 · Unknown +2 · Gnu C Library +2

Name of the Vulnerable Software and Affected Versions: GNU C Library version 2.38 Description: A critical issue has been identified in the GNU C Library, affecting the monstartup function of the gmon.c file in the Call Graph Monitor component. This issue leads to a buffer overflow. The inputs tha...

CVE-2023-0687

Removed by vendor...

The vulnerability of the GNU Binutils development tool, related to the handling of zero pointers, allows an attacker to execute a type of attack known as a “Denial-of-Service” (DoS) attack.

The vulnerability of the GNU Binutils development tool is related to a memory access error. Exploiting this vulnerability could allow an attacker to perform a type of attack known as a “Denial-of-Service” DoS attack while analyzing ELF files containing corrupted version information about symbols...

Amazon Linux 2 : emacs, emacs-common, emacs-devel (ALAS-2023-1928)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1928 advisory. GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of...

CVE-2023-25139

sprintf in the GNU C Library glibc 2.37 has a buffer overflow out-of-bounds write in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a...

ALPINE-CVE-2023-25139

sprintf in the GNU C Library glibc 2.37 has a buffer overflow out-of-bounds write in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a...

CVE-2023-25139

sprintf in the GNU C Library glibc 2.37 has a buffer overflow out-of-bounds write in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a...

CVE-2023-25139

CVE-2023-25139 affects glibc 2.37. The issue is a buffer overflow in sprintf in certain scenarios when formatting a number with a buffer sized exactly for the string. For example, 1,234,567 padded to 13 may overflow by two bytes. The connected Siemens Tenable plugin repeats this description. The ...

GNU C Library 缓冲区错误漏洞

The GNU C Library glibc, libc6 is an open source, free C language compiler released under the LGPL license. A security vulnerability exists in the GNU C Library that stems from a buffer overflow out-of-bounds write in sprintf when certain buffer sizes are correct...

ROS-20230203-03

A vulnerability in the GNU Binary Utilities binutils object code manipulation toolkit is related to a memory access error. Exploitation of the vulnerability could allow an attacker acting remotely to analyze an ELF file containing corrupted information. remotely, to analyze an ELF file containing...

CVE-2023-25139

sprintf in the GNU C Library glibc 2.37 has a buffer overflow out-of-bounds write in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a...

PT-2023-19717

Name of the Vulnerable Software and Affected Versions GNU Screen versions through 4.9.0 Description The issue allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. This occurs when GNU Screen is installed setuid or setgi...

ROS-20230203-01

A vulnerability in the GNU Tar archiver is related to the fromheader function in list.c via the V7 archive, in which mtime contains approximately 11 whitespace characters. Exploitation of the vulnerability could allow an attacker, acting remotely, to transmit special data to the application and...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in GNU gzip (CVE-2022-1271)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in GNU gzip due to an improper validation of file name by the zgrep utility. CVE-2022-1271 . The GNU gzip component is included as part of the Base OS image that is used by Watson Speech...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in GNU glibc (CVE-2021-3999)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in GNU glibc, due to improper bounds checking by the getcwd function. CVE-2021-3999. The GNU glibc component is included as part of the Base OS image that is used by Watson Speech Services...

Fedora: Security Advisory for bind-dyndb-ldap (FEDORA-2023-95d98f89a8)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...