38 matches found
Astra Linux - vulnerability in glibc
The mq_notify function in the GNU C Library (also known as glibc) versions 2.32 and 2.33 has a use-after-free vulnerability. It may access the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, resulting in a denial of service...
NewStart CGSL MAIN 6.06 (SP) : glibc Multiple Vulnerabilities (NS-SA-2026-0027)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has glibc packages installed that are affected by multiple vulnerabilities: - The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000861)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000861 advisory. The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlin...
EUVD-2021-20261
Malware in sbrugna...
Unity Linux 20.1070e Security Update: glibc (UTSA-2025-680658)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680658 advisory. In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference...
Medium: glibc
Issue Overview: The mq_notify function in the GNU C Library (aka glibc) has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service (application crash) or possibly...
SUSE CVE-2017-11176
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact...
Debian dla-3152 : glibc-doc - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3152 advisory. Debian LTS Advisory DLA-3152-1...
The vulnerability of the GNU C Library (glibc) is related to the use of memory after it is freed, allowing a hacker to perform a denial-of-service attack.
The vulnerability of the mq_notify function in the GNU C Library (glibc) is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
RHEL 8 : glibc (RHSA-2021:4358)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4358 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name...
CentOS 8 : glibc (CESA-2021:4358)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4358 advisory. - glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c (CVE-2021-27645) - glibc: mq_notify does not handle separately allocated thread...
CLSA-2021-1635459187 Fix CVE(s): CVE-2021-33574, CVE-2021-38604, CVE-2021-35942
debian/patches/any/add-pthread-attr-copy.patch: adopt pthreadattrcopy functionality. debian/patches/any/add-test-for-pthread-attr-copy.patch: add test case for it. SECURITY UPDATE: Use-after-free in mqnotify - debian/patches/any/CVE-2021-33574.patch: use pthreadattrcopy to completely duplicate...
Security update for glibc (moderate)
openSUSE Security Update: Security update for glibc Announcement ID: openSUSE-SU-2021:1374-1 Rating: moderate References: 1186489 1187911 Cross-References: CVE-2021-33574 CVE-2021-35942 CVSS scores: CVE-2021-33574 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-33574 SUSE: 5.9...
In librt in the GNU C Library (aka glibc) through 2.34 sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
...
CVE-2021-38604
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix...
AZL-6442 CVE-2021-38604 affecting package glibc for versions less than 2.35-1
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix...
UBUNTU-CVE-2021-38604
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix...
GNU C Library code issue vulnerability
The GNU C Library (glibc, libc6) is an open-source, free C language compiler released under the LGPL license. A security vulnerability exists in the GNU C Library (aka glibc) version 2.34 and earlier versions of librt, which stems from sysdeps/unix/sysv/linux/mq_notify.c incorrectly handling certain...
OESA-2021-1239 glibc security update
The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller leading to a denial of service (application crash) or possibly unspecified other impact.
...