163 matches found
CVE-2024-33599
CVE-2024-33599 affects the GNU C Library (glibc) with a stack-based overflow in the netgroup cache used by nscd when the fixed-size cache is overwhelmed by client requests. The flaw was introduced in glibc 2.15 and is present only in the nscd binary; exploitation can impact confidentiality, integ...
CVE-2024-33600
CVE-2024-33600 is a null pointer dereference in nscd (Name Service Cache Daemon) caused by a failure to cache a not-found netgroup response. It affects the nscd binary and was introduced with glibc’s cache feature (glibc 2.15+). Exploitation depends on remote input, but the provided sources do n...
CVE-2024-2961
CVE-2024-2961 affects the GNU C Library (glibc) versions 2.39 and older. The iconv() implementation may overflow the output buffer by up to 4 bytes when converting strings to ISO-2022-CN-EXT, potentially crashing the application or overwriting adjacent memory. Publicly documented in glibc advisor...
CVE-2023-4911
CVE-2023-4911 is a buffer overflow in the GNU C Library ld.so when processing GLIBC_TUNABLES, enabling local privilege escalation via malicious GLIBC_TUNABLES values when launching binaries with SUID. Affected: glibc, with versions older than 2.38-6 (per CBLMARINER:34733) and older listings notin...
CVE-2023-4527
CVE-2023-4527 concerns a flaw in the GNU C Library (glibc) where, when getaddrinfo is called with AF_UNSPEC and no-aaaa mode is set (via /etc/resolv.conf), a DNS TCP response larger than 2048 bytes could disclose stack contents in the returned address data and may crash the application. The issue...
CVE-2023-4806
CVE-2023-4806 affects glibc’s getaddrinfo in an extremely rare NSS module configuration where only certain _nss_*_gethostbyname2_r/_nss_*_getcanonname_r hooks are implemented and the _nss_*_gethostbyname3_r hook is missing. The flaw can cause getaddrinfo to access memory that has been freed, potentially crashi...
CVE-2019-25013
CVE-2019-25013 affects the GNU C Library (glibc) iconv, where processing invalid multi-byte input in EUC-KR can cause a buffer over-read. Connected advisories confirm the issue and map it to glibc versions affected (through 2.32) and note that Debian, AlmaLinux/Alma or Amazon Linux advisories add...
CVE-2015-0235
CVE-2015-0235 (GHOST) is a heap-based buffer overflow in glibc’s __nss_hostname_digits_dots() used by gethostbyname/gethostbyname2. Affected glibc versions include 2.2 up to 2.17; patched in glibc-2.18 and later. Exploitation could allow remote or context-dependent arbitrary code execution depend...
CVE-2023-4813
CVE-2023-4813 is a glibc flaw where gaih_inet may use freed memory, causing an application crash. It is exploitable when getaddrinfo is called and NSS/hosts database uses SUCCESS=continue or SUCCESS=merge. Public documentation confirms the issue and tracks it alongside other CVEs (e.g., CVE-2023-...
CVE-2023-5156
CVE-2023-5156 affects the GNU C Library (glibc). The initial description notes that a recent fix for CVE-2023-4806 introduced a memory leak that may cause an application crash. Connected advisories describe the issue in several contexts: Astra Linux detail cites a memory access/release issue in g...
CVE-2023-6246
CVE-2023-6246 affects the GNU C Library (glibc) in the __vsyslog_internal function, triggered when syslog/vsyslog are used and openlog is not called or ident is NULL; if the process name (argv[0] basename) exceeds 1024 bytes, a heap-based buffer overflow may occur, leading to a crash or local pri...
CVE-2020-10029
CVE-2020-10029 affects the GNU C Library (glibc) up to version 2.31.x, with an on‑stack buffer overflow during range reduction for 80‑bit long double inputs containing non‑canonical bit patterns on x86 targets. The issue is tied to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c and can occur when an input ...
CVE-2021-33574
CVE-2021-33574 affects the GNU C Library (glibc) mq_notify function in versions 2.32 and 2.33, where a notification thread attributes object passed via struct sigevent may be freed by the caller and then used, causing denial of service (crash) or other impact. Connected advisories confirm this is...
CVE-2022-39046
CVE-2022-39046: In the GNU C Library (glibc) 2.36, passing a crafted input string larger than 1024 bytes to syslog reads uninitialized heap memory and writes it to the log, potentially exposing heap contents. This is the vulnerability described in multiple sources (NVD, OSV, Gentoo GLSA). Affect...
CVE-2023-6780
CVE-2023-6780 describes an integer overflow in glibc’s __vsyslog_internal, triggered by excessively long messages in syslog/vsyslog. Affected are glibc 2.37 and newer, where the message size can be miscalculated, leading to undefined behavior. Connected documents corroborate the glibc focus and r...
CVE-2023-25139
CVE-2023-25139 affects glibc 2.37. The issue is a buffer overflow in sprintf in certain scenarios when formatting a number with a buffer sized exactly for the string. For example, 1,234,567 padded to 13 may overflow by two bytes. The connected Siemens Tenable plugin repeats this description. The ...
CVE-2021-35942
CVE-2021-35942 affects the GNU C Library (glibc) wordexp in posix/wordexp.c. The root cause is an integer/regex handling issue caused by using atoi instead of strtoul, which can lead to an out-of-bounds read or memory access. Exploitation can crash the process or cause information disclosure (DoS...
CVE-2019-19126
CVE-2019-19126 affects glibc on x86-64 where LD_PREFER_MAP_32BIT_EXEC is not ignored after a security transition, enabling local attackers to bypass ASLR on setuid binaries by narrowing library address mappings. Public sources in Connected documents confirm the issue exists in glibc versions befo...
CVE-2020-29573
CVE-2020-29573 affects the GNU C Library (glibc) on x86, where sysdeps/i386/ldbl2mpn.c allows a stack-based buffer overflow when a printf-family input is an 80-bit long double with a non-canonical pattern (example: 0x0004000000000000000000000000000000000004 passed to sprintf). Public notes indica...
CVE-2018-1000001
CVE-2018-1000001 affects glibc up to version 2.26; realpath() can underflow a destination buffer when getcwd() returns a relative path, enabling local privilege escalation. Connected advisories confirm the issue and list affected packages (glibc and related). Remediation in documented advisories ...
CVE-2021-3999
CVE-2021-3999 is a glibc vulnerability: an off-by-one buffer overflow/underflow in getcwd() can corrupt memory when the destination buffer size is 1, enabling a local attacker in a setuid context to potentially escalate privileges. The connected advisories confirm this is a real issue across mult...
CVE-2023-6779
The CVE describes a heap-based off-by-one overflow in glibc’s __vsyslog_internal invoked by syslog/vsyslog when a message exceeds INT_MAX. Affected are glibc 2.37 and newer; exploitation may cause an application crash. Evidence from connected sources indicates a fix in patched glibc releases (e.g...
CVE-2016-10739
CVE-2016-10739 affects glibc (getaddrinfo) up to version 2.28, where a string containing an IPv4 address followed by whitespace and extra characters could be misinterpreted as valid. This may allow an attacker to bypass validation or embed dangerous substrings in inputs that appear to be legitima...
CVE-2020-27618
Summary (CVE-2020-27618): The vulnerability affects the GNU C Library (glibc) iconv input handling. When processing invalid multi-byte input sequences in specific IBM encodings, iconv may fail to advance the input state, potentially causing an infinite loop and a denial of service. This behavior i...
CVE-2019-9169
CVE-2019-9169 affects GNU C Library (glibc) up to 2.29, where proceed_next_node in posix/regexec.c permits a heap-based buffer over-read during a case-insensitive regular-expression match. Impact: potential information disclosure via crafted input; CVSS/assessment in references indicates high/cri...
CVE-2024-33602
CVE-2024-33602 affects the glibc nscd netgroup cache. The flaw is caused by the netgroup cache assuming NSS callbacks use in-buffer strings, which can lead to memory corruption when not all strings fit in the provided buffer. The issue was introduced with glibc 2.15 and is present only in the nsc...
CVE-2024-33601
CVE-2024-33601 affects the glibc-based nscd daemon, specifically its netgroup cache. The cache uses xmalloc/xrealloc and may terminate the daemon on a memory-allocation failure, causing a denial of service to clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. Evidenc...
CVE-2021-3326
CVE-2021-3326 affects the GNU C Library (glibc) iconv implementation. When processing invalid input sequences for ISO-2022-JP-3, glibc 2.32 and earlier can trigger an assertion failure and abort, potentially leading to a denial of service. Public vendor advisories and post-release notes confirm t...
CVE-2017-1000366
CVE-2017-1000366 affects glibc (vulnerable in 2.25 and earlier). A flaw in heap/stack memory handling allows crafted LD_LIBRARY_PATH values to influence allocation and memory layout, potentially enabling local arbitrary code execution via stack/heap aliasing. Several advisories and distributions ...
CVE-2022-23218
Summary: CVE-2022-23218 (glibc) is a stack-based buffer overflow in the sunrpc path handling function svcunix_create, allowing potential denial of service or arbitrary code execution if a stack protector is not present. The issue affects glibc up to version 2.34 per the description. Multiple conn...
CVE-2022-23219
The CVE-2022-23219 entry is supported by concrete details in connected sources: glibc’s sunrpc clnt_create copies its hostname onto the stack without length validation (through glibc 2.34). This can cause a stack-based buffer overflow, leading to denial of service or, on systems without stack pro...
CVE-2018-6485
CVE-2018-6485 is an integer overflow in posix_memalign within glibc (memalign implementation) for versions 2.26 and earlier, which could cause a heap area to be too small and lead to heap corruption. The NVD CVSSv3/base score is 9.8 (CRITICAL) with network attack vector, no user interaction. Affe...
CVE-2020-1751
CVE-2020-1751 summary (glibc): An out-of-bounds write vulnerability in glibc prior to 2.31 affects the backtrace handling for signal trampolines on PowerPC. The implementation did not properly bound-check the array when storing the frame address, leading to potential denial of service or code exe...
CVE-2015-7547
CVE-2015-7547 refers to a stack-based buffer overflow in the GLIBC libresolv DNS resolver path, triggered by dual A/AAAA DNS queries in getaddrinfo. The vulnerability could allow remote code execution or crash the process when handling crafted DNS responses, with exploitation possible via the nss...
CVE-2010-4756
Technical details about CVE-2010-4756 are not provided in the connected documents. The Initial Description notes a glibc glob DoS via crafted expressions but lacks product/version/impact/fix specifics. Monitor for updates.
CVE-2010-3856
CVE-2010-3856 affects glibc's dynamic linker (ld.so). Local users can escalate privileges by abusing LD_AUDIT to load an unsafe DSO from a trusted library directory. Concrete details: affected components are ld.so in glibc before 2.11.3 and 2.12.x before 2.12.2; the underlying issue is improper L...
CVE-2016-10228
Summary of CVE-2016-10228 from provided sources: The GNU C Library (glibc) iconv processing can enter an infinite loop and cause a denial of service when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) together with the -c option, processing invalid multi-byte inp...
CVE-2021-3998
CVE-2021-3998 is a glibc flaw where the realpath() function may return an unexpected value, potentially leaking sensitive information. The connected IBM/enterprise bulletins summarize the vulnerability as an information disclosure issue tied to the realpath() implementation, indicating a local-au...
CVE-2025-4802
CVE-2025-4802 affects the GNU C Library (glibc) versions 2.27–2.38. The issue is an untrusted LD_LIBRARY_PATH vulnerability that enables attacker-controlled loading of dynamically-linked libraries by statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlo...
CVE-2019-1010022
CVE-2019-1010022: GNU Libc nptl has a stack guard bypass via a stack-buffer vulnerability. The description notes attackers could bypass stack guard protections by exploiting a stack overflow in the attack vector, with upstream comments claiming this is treated as a non-security bug and “no real t...
CVE-2020-1752
CVE-2020-1752 (glibc) is a use-after-free vulnerability in the tilde expansion path handling of glibc’s glob processing, originating in upstream version 2.14 and fixed in 2.32. The issue affects directory paths beginning with a tilde followed by a valid username and can be exploited by a local at...
CVE-2019-9192
CVE-2019-9192: In glibc up to 2.29, check_dst_limits_calc_pos_1 (posix/regexec.c) can cause uncontrolled recursion demonstrated by crafted patterns in grep; vendor notes this behavior occurs only with crafted patterns. Affected: GNU C Library (glibc/libc6) prior to 2.30; root cause is uncontrolle...
CVE-2021-27645
CVE-2021-27645 affects the GNU C Library (glibc) nscd: a double-free in netgroupcache.c may crash the nameserver caching daemon and cause local Denial of Service. Public reports reference glibc versions 2.29–2.33 as affected, with remediation via security updates. Debian’s DLA-3152-1 (glibc 2.28-...
CVE-2018-11236
Summary (CVE-2018-11236): In glibc, realpath path processing can trigger an integer overflow in 32-bit builds within stdlib/canonicalize.c when handling very long pathname arguments, producing a stack-based buffer overflow and potentially arbitrary code execution. The vulnerability affe...
CVE-2023-0687
CVE-2023-0687 affects GNU C Library (glibc) 2.38, specifically the __monstartup function in gmon.c of the Call Graph Monitor component. The issue enables a buffer overflow when handling an overly long input argument, with inputs described as addresses of the running application built with gmon en...
CVE-2019-1010023
CVE-2019-1010023 is reflected in OSV entries for Root OS Debian 12/13, where the rootio-glibc package is patched. The Debian-backed records indicate multiple fixed versions are available; the initial description notes a threat involving re-mapping a loaded ELF via two files and ldd, but upstream ...
CVE-2020-29562
The CVE-2020-29562 issue affects glibc (GNU C Library) 2.30–2.32, where iconv processing of UCS4 text containing an irreversible character triggers an assertion failure and aborts the process, potentially causing a denial of service. Connected advisories and vendor feeds confirm the vulnerability...
CVE-2009-5155
CVE-2009-5155 affects the GNU C Library (glibc) prior to 2.28. The vulnerability is in parse_reg_exp (posix/regcomp.c) where misparsing alternatives can cause a denial of service (assertion failure and process exit) or yield an incorrect match result. Affected products include glibc in systems us...
CVE-2016-4429
CVE-2016-4429: In glibc, a stack-based buffer overflow in sunrpc/clnt_udp.c:clntudp_call can be triggered by a flood of crafted ICMP/UDP packets, enabling a remote attacker to cause a denial of service (crash) and possibly other impact. Connected docs confirm the issue as a buffer overflow in the...
CVE-2015-5180
CVE-2015-5180 affects the GNU C Library (glibc) through the libresolv component, specifically res_query, with vulnerable releases prior to glibc 2.25. A remote attacker can trigger a NULL pointer dereference in res_query, causing a denial of service (process crash). The available connected docume...