841 matches found

Tenable Nessus
added 2018/04/18 12:0 a.m. | 42 views

Amazon Linux 2 : glibc (ALAS-2018-992)

Integer overflow in malloc functions : The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that i...

CVSS 9.8 | AI score 7.3 | EPSS 0.01095
Exploits 0 | References 3
Oracle linux
added 2018/04/18 12:0 a.m. | 111 views

glibc security update

2.17-222 - Restore internal GLIBC_PRIVATE symbols for use during upgrades 1523119 2.17-221 - CVE-2018-1000001: Fix realpath buffer underflow 1534635 - i386: Fix unwinding for 32-bit C++ application 1529982 - Reduce thread and dynamic loader stack usage 1527904 - x86-64: Use XSAVE/XSAVEC more often...

CVSS 9.8 | AI score 0.2 | EPSS 0.41417
Exploits 12
Amazon
added 2018/04/05 12:0 a.m. | 30 views

Medium: glibc

Issue Overview: Integer overflow in malloc functions: The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a hea...

CVSS 9.8 | AI score 8.6 | EPSS 0.01095
Exploits 0
NVD
added 2018/03/09 5:29 p.m. | 13 views

CVE-2017-17148

Huawei DP300 V500R002C00 have a DoS vulnerability due to the lack of validation when the malloc is called. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks...

CVSS 5.5 | AI score 5.9 | EPSS 0.00019
Exploits 0 | References 1
Prion
added 2018/03/09 5:29 p.m. | 19 views

Design/Logic Flaw

Huawei DP300 V500R002C00 have a DoS vulnerability due to the lack of validation when the malloc is called. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks...

CVSS 4.9 | AI score 5.8 | EPSS 0.00019
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2018/03/09 5:0 p.m. | 18 views

CVE-2017-17148

Huawei DP300 V500R002C00 have a DoS vulnerability due to the lack of validation when the malloc is called. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks...

AI score 5.9 | EPSS 0.00019
Exploits 0 | References 1
CVE
added 2018/03/09 5:0 p.m. | 45 views

CVE-2017-17148

Summary: CVE-2017-17148 affects Huawei DP300 V500R002C00. The issue is a DoS caused by lack of validation when malloc is called during XML parsing; an authenticated local attacker can craft specific XML files to trigger parsing and cause a denial of service. This is a local, low-privilege vector ...

CVSS 5.5 | AI score 5.2 | EPSS 0.00019
Exploits 0 | References 1 | Affected Software 1
RedHat Linux
added 2018/03/06 9:46 p.m. | 2 views

389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c

It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances...

CVSS 8.1 | AI score 5.7 | EPSS 0.00254
Exploits 0 | References 4
OPENSUSE Linux
added 2018/02/20 6:13 p.m. | 83 views

Security update for glibc (important)

This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string bsc1037930 - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes bsc1051791 - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in...

CVSS 7.8 | AI score 8.4 | EPSS 0.41417
Exploits 13 | References 5
Tenable Nessus
added 2018/02/16 12:0 a.m. | 53 views

SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2018:0451-1)

This update for glibc fixes the following issues: Security issues fixed : - CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string bsc1037930 - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes bsc1051791 - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in...

CVSS 9.8 | AI score 7.3 | EPSS 0.41417
Exploits 13 | References 16
CNVD
added 2018/02/08 12:0 a.m. | 1 views

powerpc and Intel i386 GNU C Library Integer Overflow Vulnerability

The powerpc is a compact instruction set architecture CPU central processing unit. The Intel i386 is an x86 series CPU central processing unit from Intel Corporation. The GNU C Library aka glibc, libc6 is one of the open source, freeware C language compilers released under the LGPL license. An...

CVSS 9.8 | AI score 9.4 | EPSS 0.00416
Exploits 0 | References 1
RedhatCVE
added 2018/02/06 12:19 a.m. | 23 views

CVE-2018-6543

In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section in objdump.c, which results in malloc with 0 size. A crafted ELF file allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...

CVSS 7.8 | AI score 6.4 | EPSS 0.00147
Exploits 1 | References 1
NVD
added 2018/02/02 2:29 p.m. | 18 views

CVE-2018-6551

The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually...

CVSS 9.8 | AI score 8.5 | EPSS 0.00416
Exploits 0 | References 3
OSV
added 2018/02/02 2:29 p.m. | 26 views

CVE-2018-6551

The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually...

CVSS 9.8 | AI score 7
Exploits 0 | References 3
Prion
added 2018/02/02 2:29 p.m. | 17 views

Design/Logic Flaw

The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually...

CVSS 7.5 | AI score 9.2 | EPSS 0.00416
Exploits 0 | References 3 | Affected Software 1
UbuntuCve
added 2018/02/02 2:29 p.m. | 27 views

CVE-2018-6551

The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually...

CVSS 9.8 | AI score 7.2 | EPSS 0.00416
Exploits 0 | References 3
Cvelist
added 2018/02/02 2:0 p.m. | 17 views

CVE-2018-6551

The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually...

AI score 8.4 | EPSS 0.00416
Exploits 0 | References 3
Debian CVE
added 2018/02/02 2:0 p.m. | 30 views

CVE-2018-6551

The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually...

CVSS 9.8 | AI score 9.4 | EPSS 0.00416
Exploits 0
CVE
added 2018/02/02 2:0 p.m. | 104 views

CVE-2018-6551

CVE-2018-6551 concerns the GNU C Library (glibc) malloc implementation with arguments near SIZE_MAX, causing heap corruption due to an integer overflow. Affected are glibc versions 2.24–2.26 on powerpc and 2.26 on i386. IBM advisories (IMM2, DSA Preboot, AMM) reference CVE-2018-6551 and describe ...

CVSS 9.8 | AI score 8.3 | EPSS 0.00416
Exploits 0 | References 3 | Affected Software 1
UbuntuCve
added 2018/02/02 9:29 a.m. | 19 views

CVE-2018-6543

In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section in objdump.c, which results in malloc with 0 size. A crafted ELF file allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...

CVSS 7.8 | AI score 6.9 | EPSS 0.00147
Exploits 1 | References 3