Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Glibc Security Vulnerabilities - 2023

cve
cve

CVE-2015-20109

end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CV...

5.5CVSS

6AI Score

0.005EPSS

2023-06-25 05:15 PM
45
cve
cve

CVE-2023-0687

A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246...

9.8CVSS

9.2AI Score

0.002EPSS

2023-02-06 07:15 PM
181
cve
cve

CVE-2023-25139

sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of...

9.8CVSS

9.4AI Score

0.002EPSS

2023-02-03 06:15 AM
160
cve
cve

CVE-2023-4527

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data,...

6.5CVSS

6.8AI Score

0.001EPSS

2023-09-18 05:15 PM
547
cve
cve

CVE-2023-4806

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nss _gethostbyname2_r and nss _getcanonname_r hooks without implementing...

5.9CVSS

6.5AI Score

0.001EPSS

2023-09-18 05:15 PM
482
cve
cve

CVE-2023-4813

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue ...

5.9CVSS

6.6AI Score

0.001EPSS

2023-09-12 10:15 PM
473
cve
cve

CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code...

7.8CVSS

8AI Score

0.038EPSS

2023-10-03 06:15 PM
923
In Wild
cve
cve

CVE-2023-5156

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

7.5CVSS

6.4AI Score

0.001EPSS

2023-09-25 04:15 PM
196