Lucene search
K
GnuGlibc

163 matches found

CVE
CVE
added 2013/10/09 10:0 p.m.116 views

CVE-2013-4237

CVE-2013-4237 affects glibc (GNU C Library) 2.18 and earlier, in sysdeps/posix/readdir_r.c. A context-dependent attacker could trigger an out-of-bounds write in readdir_r via a crafted NTFS or CIFS image, causing a denial of service or potentially executing arbitrary code. Exploitation details ar...

6.8CVSS7.8AI score0.03832EPSS
CVE
CVE
added 2015/04/08 10:0 a.m.116 views

CVE-2015-1473

CVE-2015-1473 affects the GNU C Library (glibc) prior to version 2.21, arising from the ADDW macro in stdio-common/vfscanf.c not properly factoring data-type size when using alloca in a wscanf path. This can allow context-dependent attackers to cause a denial of service (segmentation fault) or ov...

6.4CVSS7.1AI score0.02129EPSS
CVE
CVE
added 2003/03/21 5:0 a.m.113 views

CVE-2003-0028

Technical details about CVE-2003-0028 are not present in the provided documents. The connected sources reference the CVE in Debian/OpenVAS advisories but do not specify affected products, root cause, versions, impact, or fixes.

7.5CVSS9.8AI score0.15031EPSS
CVE
CVE
added 2014/02/10 5:0 p.m.113 views

CVE-2012-3405

CVE-2012-3405 affects the GNU C Library (glibc) vfprintf handling in stdio-common/vfprintf.c, where improper buffer length calculation can bypass Fortify_source format-string protection and trigger a denial of service via a crafted format string with many specifiers. Public references in the Debi...

5CVSS7.2AI score0.02087EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.112 views

CVE-2015-8983

CVE-2015-8983 describes an Integer overflow in glibc's _IO_wstr_overflow (libio/wstrops.c) prior to version 2.22 that can trigger a heap-based buffer overflow, potentially causing an application crash or arbitrary code execution under certain conditions. Affected: GNU C Library (glibc) before 2.2...

8.1CVSS8AI score0.03871EPSS
CVE
CVE
added 2010/06/01 8:0 p.m.111 views

CVE-2009-4880

Glibc (GNU C Library) is affected by CVE-2009-4880: multiple integer overflows in strfmon handling that can be triggered by a crafted format string, potentially causing memory growth or an application crash (denial of service). This is observed in glibc 2.10.1 and earlier. Mitigation per connecte...

5CVSS6.2AI score0.11222EPSS
CVE
CVE
added 2015/12/17 7:0 p.m.111 views

CVE-2015-5277

CVE-2015-5277 affects the GNU C Library (glibc) NSS get_contents backend in nss_files, where a long line in the NSS files database can trigger heap corruption and enable local privilege escalation. Engines in connected advisories confirm this vulnerability existed in glibc prior to version 2.20 a...

7.2CVSS7.9AI score0.00588EPSS
CVE
CVE
added 2011/04/10 1:29 a.m.110 views

CVE-2011-1089

CVE-2011-1089 refers to a vulnerability in the GNU C Library (glibc/libc6) up to version 2.13 where addmntent does not report an error when writes to /etc/mtab fail. The issue enables local users to trigger corruption of /etc/mtab, demonstrated by a process with a small RLIMIT_FSIZE. This is a se...

3.3CVSS8.3AI score0.00417EPSS
CVE
CVE
added 2010/06/01 8:0 p.m.109 views

CVE-2010-0296

CVE-2010-0296 concerns the GNU C Library (glibc) up to version 2.11.1. The encode_name macro in misc/mntent_r.c fails to handle newline characters in mountpoint names, used by ncpmount and mount.cifs, leading to potential mtab corruption and, via crafted mount requests, local privilege elevation....

7.2CVSS7.6AI score0.00592EPSS
CVE
CVE
added 2011/04/08 3:0 p.m.109 views

CVE-2011-0536

CVE-2011-0536 affects glibc/ld.so in modified glibc builds where a setuid/setgid program contains $ORIGIN in RPATH or RUNPATH; a crafted DSO in a subdirectory can escalate privileges via local access. Root cause is an incorrect fix for CVE-2010-3847. The issue is discussed in multiple advisories ...

6.9CVSS8.3AI score0.00787EPSS
CVE
CVE
added 2017/06/12 1:0 p.m.109 views

CVE-2014-9984

CVE-2014-9984 affects the GNU C Library (glibc) nscd when processing netgroup requests: the internal buffer size is not computed correctly, which can cause an nscd daemon crash or allow code execution as the user running nscd. The vulnerability is tied to glibc versions prior to 2.20. Several adv...

9.8CVSS8.8AI score0.0444EPSS
CVE
CVE
added 2013/10/09 10:0 p.m.108 views

CVE-2013-2207

CVE-2013-2207: In the GNU C Library (glibc), pt_chown() can bypass security restrictions due to improper permission checks, allowing a local attacker to access other users’ pseudoterminals. The vulnerability affects glibc versions before 2.18. IBM advisories (FSM, IMM2, AMM) reference CVE-2013-22...

2.6CVSS8AI score0.00352EPSS
CVE
CVE
added 2018/02/02 2:0 p.m.108 views

CVE-2018-6551

CVE-2018-6551 concerns the GNU C Library (glibc) malloc implementation with arguments near SIZE_MAX, causing heap corruption due to an integer overflow. Affected are glibc versions 2.24–2.26 on powerpc and 2.26 on i386. IBM advisories (IMM2, DSA Preboot, AMM) reference CVE-2018-6551 and describe ...

9.8CVSS8.3AI score0.02231EPSS
CVE
CVE
added 2013/10/09 10:0 p.m.106 views

CVE-2012-4412

CVE-2012-4412 affects the GNU C Library (glibc) up to and including version 2.17. The issue is an integer overflow in string/strcoll_l.c that can be triggered by a long string, leading to a heap-based buffer overflow. This can cause a denial of service (crash) and, per the description, may allow ...

7.5CVSS8AI score0.16665EPSS
CVE
CVE
added 2013/05/02 2:0 p.m.104 views

CVE-2009-5029

CVE-2009-5029 stems from an integer overflow in glibc's __tzfile_read, affecting glibc versions prior to 2.15. The issue allows context-dependent attackers to crash the process (DoS) and potentially execute arbitrary code via a crafted timezone (TZ) file, with demonstrations reported using vsftpd...

6.8CVSS8.6AI score0.08073EPSS
CVE
CVE
added 2011/01/13 6:35 p.m.104 views

CVE-2010-4052

Vulnerability: GNU C Library (glibc/libc6) regcomp contains a stack-consumption DoS flaw. Affects versions up to 2.11.3 and 2.12.x up to 2.12.2. Attackers can exhaust resources via crafted regular expressions with adjacent repetition operators, as shown by the proftpd.gnu.c exploit. The connected...

5CVSS8.7AI score0.51298EPSS
CVE
CVE
added 2017/03/15 7:0 p.m.104 views

CVE-2015-8982

CVE-2015-8982 maps to an Integer Overflow in glibc’s strxfrm (pre-2.21) that could trigger a stack-based overflow, crash, or possible code execution. In the provided data, affected product is Cloud Pak for Security (CP4S) version 1.8.0.0, 1.8.1.0. Remediation = upgrade to CP4S 1.9.0.0 per IBM gui...

8.1CVSS7.2AI score0.03797EPSS
CVE
CVE
added 2012/08/25 10:0 a.m.103 views

CVE-2012-3480

CVE-2012-3480 affects the GNU C Library (glibc/eglibc). Reports in connected documents describe multiple integer overflows in parser/conversion routines (strtod, strtof, strtold, strtod_l, and related functions) that can enable a local user to cause an application crash or possibly execute arbitr...

4.6CVSS6.9AI score0.00993EPSS
CVE
CVE
added 2014/12/05 4:0 p.m.102 views

CVE-2012-6656

CVE-2012-6656 affects GNU C Library (glibc) iconvdata/ibm930.c, where iconv converting IBM930 to UTF-8 can trigger an out-of-bounds read by a multibyte value 0xffff. This is a context-dependent denial-of-service vulnerability. The description indicates the issue exists in glibc before version 2.1...

5CVSS7AI score0.03439EPSS
CVE
CVE
added 2019/01/18 7:0 p.m.102 views

CVE-2019-6488

CVE-2019-6488 affects the GNU C Library (glibc) on x32, where the assembly path for size_t incorrectly uses a 64-bit register. This discrepancy can cause a crash in __memmove_avx_unaligned_erms during memcpy, leading to a segmentation fault or potentially other impact as described in the vulnerab...

7.8CVSS5.6AI score0.00436EPSS
CVE
CVE
added 2013/10/04 5:0 p.m.101 views

CVE-2013-4788

CVE-2013-4788 affects glibc (GNU C Library) up to version 2.4/2.17 and EGLIBC; PTR_MANGLE does not initialize the random value for the pointer guard, enabling context-dependent attackers to influence control flow via a buffer-overflow in an application. Affected components: PTR_MANGLE implementat...

5.1CVSS7.2AI score0.11428EPSS
CVE
CVE
added 2017/10/20 5:0 p.m.101 views

CVE-2017-15671

CVE-2017-15671 applies to the GNU C Library (glibc) glob implementation: when invoked with GLOB_TILDE, memory could fail to be freed during ~ expansion for very long usernames, potentially causing a denial of service via memory leak. Affected: glibc versions before 2.27. The connected documents d...

5.9CVSS6.9AI score0.01431EPSS
CVE
CVE
added 2026/01/20 1:22 p.m.100 views

CVE-2025-15281

CVE-2025-15281 concerns the GNU C Library (glibc). The issue arises when wordexp is used with WRDE_REUSE together with WRDE_APPEND, which can cause we_wordv to be returned with uninitialized memory. On subsequent wordfree calls this memory state may trigger a process abort. The CVE is reflected i...

7.5CVSS5.3AI score0.00286EPSS
CVE
CVE
added 2023/06/25 12:0 a.m.98 views

CVE-2015-20109

CVE-2015-20109 is a glibc (GNU C Library) local denial-of-service issue tied to end_pattern usage in internal_fnmatch, potentially causing application crashes when fnmatch is used with the (!()) pattern. The description specifies affected component (glibc) and version class (before 2.22). Public ...

5.5CVSS6AI score0.00317EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.98 views

CVE-2015-8984

CVE-2015-8984 affects IBM Cloud Pak for Security (CP4S). The CP4S remediation bulletin confirms CP4S versions 1.8.1.0, 1.8.0.0 and 1.7.2.0 contain the glibc fnmatch out-of-bounds read vulnerability described in the CVE (context-dependent denial-of-service via malformed pattern). The documented fi...

5.9CVSS5.9AI score0.02429EPSS
CVE
CVE
added 2010/06/01 8:0 p.m.94 views

CVE-2010-0830

CVE-2010-0830 describes an integer signedness error in the GNU C Library’s dynamic linker component ld.so, specifically in elf_get_dynamic_info. The vulnerability affects glibc versions 2.0.1 through 2.11.1, and is triggered when using the --verify option. A crafted ELF binary with a negative d_t...

5.1CVSS8.4AI score0.04514EPSS
CVE
CVE
added 2011/04/10 1:29 a.m.94 views

CVE-2011-1095

Summary of CVE-2011-1095 (glibc locale quoting issue) : The vulnerability affects locale/programs/locale.c in the GNU C Library (glibc/libc6) prior to version 2.13. The code does not properly quote its output, which might allow local users to gain privileges via a crafted localization environment...

6.2CVSS7.6AI score0.00518EPSS
CVE
CVE
added 2013/10/09 10:0 p.m.94 views

CVE-2012-4424

CVE-2012-4424 is a stack-based buffer overflow in glibc's strcoll_l.c (glibc/ libc6) 2.17 and earlier. The description states that a long string could trigger a malloc failure and use of alloca, enabling context-dependent attackers to cause a denial of service (crash) or potentially execute arbit...

5.1CVSS7.9AI score0.03377EPSS
CVE
CVE
added 2005/02/13 5:0 a.m.92 views

CVE-2004-1453

CVE-2004-1453 affects the GNU C Library (glibc). The issue arises when LD_DEBUG, LD_SHOW_AUXV, and LD_DYNAMIC_WEAK are not restricted for setuid programs, allowing a local attacker to obtain sensitive information (e.g., the program’s symbol list). This is a local information disclosure vulnerabil...

2.1CVSS6AI score0.00364EPSS
CVE
CVE
added 2011/01/13 6:35 p.m.92 views

CVE-2010-4051

CVE-2010-4051 : The regcomp implementation in the GNU C Library (glibc/libc6) allows context-dependent attackers to cause a denial of service (application crash) via a regex containing adjacent bounded repetitions that bypass the RE_DUP_MAX limit. Affected versions include up to 2.11.3 and 2.12.x...

5CVSS6.2AI score0.39995EPSS
CVE
CVE
added 2011/04/08 3:0 p.m.91 views

CVE-2011-1658

CVE-2011-1658 affects the GNU C Library (glibc) ld.so: when RPATH consists entirely of the special token $ORIGIN, it can enable local privilege escalation by linking a crafted LD_PRELOAD with a setuid/setgid program. Affected are glibc versions 2.13 and earlier. The root cause is expansion of the...

3.7CVSS8AI score0.00311EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.91 views

CVE-2017-17426

CVE-2017-17426 affects the GNU C Library (glibc/libc6) up to version 2.26. The heap overflow arises from an integer overflow check missing in the per-thread cache (tcache) path when allocating an object near SIZE_MAX, potentially allowing code execution. Exploitation details are not provided in t...

8.1CVSS8.5AI score0.01604EPSS
CVE
CVE
added 2010/01/14 6:0 p.m.90 views

CVE-2010-0015

CVE-2010-0015 affects the GNU C Library (glibc) and Embedded GLIBC (EGLIBC): in glibc 2.7 and EGLIBC 2.10.2, the NIS path (passwd.adjunct.byname) can cause getpwnam() to reveal encrypted NIS passwords. The connected advisories (Ubuntu USN-1396-1, SUSE patches) document this vulnerability and prov...

7.5CVSS6AI score0.03067EPSS
CVE
CVE
added 2011/03/30 10:0 p.m.89 views

CVE-2009-5064

CVE-2009-5064 concerns glibc

6.9CVSS8.1AI score0.00543EPSS
CVE
CVE
added 2020/10/06 12:49 p.m.85 views

CVE-1999-0199

CVE-1999-0199 affects glibc prior to 2.2. The issue is a missing statement about the unspecified tdelete return value when deleting a tree’s root, which could let an attacker access a dangling pointer in affected applications. Affected: glibc before 2.2. Remediation: upgrade to a version with the...

9.8CVSS9.3AI score0.02402EPSS
CVE
CVE
added 2016/10/07 2:0 p.m.85 views

CVE-2016-6323

The CVE-2016-6323 issue affects GNU C Library (glibc) on ARM EABI (32-bit): makecontext creates execution contexts incompatible with the unwinder, potentially allowing a context-dependent attacker to cause a denial of service (hang) in apps (notably gccgo). The vulnerability is fixed in glibc 2.2...

7.5CVSS7.1AI score0.03841EPSS
CVE
CVE
added 2017/05/07 6:0 p.m.84 views

CVE-2017-8804

CVE-2017-8804 affects glibc (libc6) 2.25 and permits denial of service via crafted UDP packets to port 111 due to mishandled failures in xdr_bytes/xdr_string during buffer deserialization. It is related to CVE-2017-8779 (RPC/BIND) which in other sources is described as a memory-exhaustion vulnera...

7.8CVSS7.4AI score0.0767EPSS
CVE
CVE
added 2017/02/16 6:0 p.m.83 views

CVE-2016-5417

CVE-2016-5417 affects GNU C Library (glibc/libc6): memory leak in the __res_vinit function of the IPv6 DNS resolver management code (libresolv) prior to version 2.24 can be exploited remotely to cause denial of service via memory exhaustion. Publicly available connected advisories confirm the iss...

7.5CVSS7AI score0.03361EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.81 views

CVE-2002-1146

The CVE-2002-1146 issue affects BIND 4 and BIND 8.2.x stub resolver libraries, and older glibc/libc/libresolv components (e.g., glibc ≤ 2.2.5) which use the maximum buffer size instead of the actual DNS response size, causing a read buffer overflow. This can enable a remote attacker to cause a de...

5CVSS6.5AI score0.03279EPSS
CVE
CVE
added 2010/06/01 8:0 p.m.80 views

CVE-2009-4881

CVE-2009-4881 is a glibc (GNU C Library) vulnerability describing an integer overflow in the __vstrfmon_l function of strfmon_l.c, prior to glibc-2.10.1. The connected advisories (Gentoo GLSA-201011-01, openSUSE/SUSE updates) group it with several related glibc flaws (CVE-2008-1391, 2010-0296, 20...

5CVSS6.4AI score0.02025EPSS
CVE
CVE
added 2002/07/31 4:0 a.m.79 views

CVE-2002-0684

CVE-2002-0684 describes a buffer overflow in the DNS resolver logic used by BIND 4.9.8 and ported to glibc 2.2.5 and earlier. The flaw occurs in resolver/DNS name resolution (getnetbyname/getnetbyaddr) and can allow a remote attacker sending crafted DNS responses to execute arbitrary code. Severa...

7.5CVSS9.7AI score0.05861EPSS
CVE
CVE
added 2014/10/27 8:0 p.m.78 views

CVE-2011-2702

CVE-2011-2702 is a signedness error in Glibc before 2.13 and eglibc before 2.13. When SSSE3 optimization is enabled, a negative length parameter to memcpy-ssse3-rep.S, memcpy-ssse3.S, or memset-sse2.S in sysdeps/i386/i686/multiarch/ can trigger an out-of-bounds read, allowing context-dependent at...

6.8CVSS7.3AI score0.08458EPSS
Web
CVE
CVE
added 2013/05/02 2:0 p.m.78 views

CVE-2011-4609

CVE-2011-4609 affects the GNU C Library (glibc) prior to 2.15. The vulnerability is in the svc_run function used by the RPC implementation, allowing remote attackers to cause a denial of service via a large number of RPC connections. The issue is documented with a CVSS v2 base score of 5.0 (Mediu...

5CVSS8.5AI score0.01834EPSS
CVE
CVE
added 2019/04/10 7:52 p.m.77 views

CVE-2005-3590

The CVE-2005-3590 issue affects the GNU C Library (glibc) prior to 2.3.5, where getgrouplist, when invoked with a zero argument, writes to the provided pointer even if the array size is zero. This results in a buffer overflow and can lead to memory corruption. Affected component: glibc function g...

9.8CVSS9.6AI score0.02089EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.76 views

CVE-2002-1265

CVE-2002-1265 is evidenced in HP-UX RPC-related DoS advisories; OpenVAS/Nessus entries (PHNE_30091/30092/30093/30094, and PHKL_31500) reference CVE-2002-1265 as the RPC/HP-UX RPC DoS issue. Patches exist (HPSBUX01020 SSRT2384, etc.; PHKL_31500 consolidates fixes) addressing remote DoS via HP-UX R...

5CVSS6.2AI score0.02502EPSS
CVE
CVE
added 2011/04/08 3:0 p.m.76 views

CVE-2011-1659

CVE-2011-1659 is a vulnerability in the GNU C Library (glibc) prior to 2.13 where an integer overflow in posix/fnmatch.c can be triggered by long UTF-8 strings used in an fnmatch call, potentially causing an application crash (denial of service). Connected advisories (e.g., F5 BIG-IP SOL09408132)...

5CVSS7.5AI score0.02856EPSS
CVE
CVE
added 2025/06/05 7:20 p.m.70 views

CVE-2025-5745

CVE-2025-5745 concerns the GNU C Library (glibc) 2.40 and later, where the Power10-optimized strcmp/strncmp implementation writes to non-volatile vector registers v20–v31 without saving caller contents (per powerpc64le ABI). This can overwrite the caller’s registers, potentially changing control ...

5.6CVSS7AI score0.00206EPSS
CVE
CVE
added 2017/10/18 2:0 p.m.68 views

CVE-2011-5320

CVE-2011-5320 affects the GNU C Library (glibc) where scanf and related input functions are vulnerable in versions prior to 2.15. A crafted large string of 0s can trigger a local denial of service (segmentation fault). The impact is limited to local attackers with access to the system and is not ...

6.2CVSS6.5AI score0.00466EPSS
CVE
CVE
added 2003/11/18 5:0 a.m.67 views

CVE-2003-0859

CVE-2003-0859 : Affected GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages to the kernel netlink interface via getifaddrs. Public advisories (Red Hat RHSA-2003:334/325, Fedora, OpenBSD/OpenPKG, SUSE, Slackware, etc.) describe the issue ...

4.9CVSS6AI score0.00371EPSS
CVE
CVE
added 2005/02/06 5:0 a.m.67 views

CVE-2004-1382

CVE-2004-1382 affects glibc 2.3.4 and earlier via the glibcbug script, enabling a local symlink attack to overwrite arbitrary files in temporary locations. The root cause is the insecure handling of temporary files by the glibcbug script, with published advisories (e.g., CAN-2004-1382 and related...

2.1CVSS6.1AI score0.00362EPSS
Total number of security vulnerabilities163