163 matches found
CVE-2013-4237
CVE-2013-4237 affects glibc (GNU C Library) 2.18 and earlier, in sysdeps/posix/readdir_r.c. A context-dependent attacker could trigger an out-of-bounds write in readdir_r via a crafted NTFS or CIFS image, causing a denial of service or potentially executing arbitrary code. Exploitation details ar...
CVE-2015-1473
CVE-2015-1473 affects the GNU C Library (glibc) prior to version 2.21, arising from the ADDW macro in stdio-common/vfscanf.c not properly factoring data-type size when using alloca in a wscanf path. This can allow context-dependent attackers to cause a denial of service (segmentation fault) or ov...
CVE-2003-0028
Technical details about CVE-2003-0028 are not present in the provided documents. The connected sources reference the CVE in Debian/OpenVAS advisories but do not specify affected products, root cause, versions, impact, or fixes.
CVE-2012-3405
CVE-2012-3405 affects the GNU C Library (glibc) vfprintf handling in stdio-common/vfprintf.c, where improper buffer length calculation can bypass Fortify_source format-string protection and trigger a denial of service via a crafted format string with many specifiers. Public references in the Debi...
CVE-2015-8983
CVE-2015-8983 describes an Integer overflow in glibc's _IO_wstr_overflow (libio/wstrops.c) prior to version 2.22 that can trigger a heap-based buffer overflow, potentially causing an application crash or arbitrary code execution under certain conditions. Affected: GNU C Library (glibc) before 2.2...
CVE-2009-4880
Glibc (GNU C Library) is affected by CVE-2009-4880: multiple integer overflows in strfmon handling that can be triggered by a crafted format string, potentially causing memory growth or an application crash (denial of service). This is observed in glibc 2.10.1 and earlier. Mitigation per connecte...
CVE-2015-5277
CVE-2015-5277 affects the GNU C Library (glibc) NSS get_contents backend in nss_files, where a long line in the NSS files database can trigger heap corruption and enable local privilege escalation. Engines in connected advisories confirm this vulnerability existed in glibc prior to version 2.20 a...
CVE-2011-1089
CVE-2011-1089 refers to a vulnerability in the GNU C Library (glibc/libc6) up to version 2.13 where addmntent does not report an error when writes to /etc/mtab fail. The issue enables local users to trigger corruption of /etc/mtab, demonstrated by a process with a small RLIMIT_FSIZE. This is a se...
CVE-2010-0296
CVE-2010-0296 concerns the GNU C Library (glibc) up to version 2.11.1. The encode_name macro in misc/mntent_r.c fails to handle newline characters in mountpoint names, used by ncpmount and mount.cifs, leading to potential mtab corruption and, via crafted mount requests, local privilege elevation....
CVE-2011-0536
CVE-2011-0536 affects glibc/ld.so in modified glibc builds where a setuid/setgid program contains $ORIGIN in RPATH or RUNPATH; a crafted DSO in a subdirectory can escalate privileges via local access. Root cause is an incorrect fix for CVE-2010-3847. The issue is discussed in multiple advisories ...
CVE-2014-9984
CVE-2014-9984 affects the GNU C Library (glibc) nscd when processing netgroup requests: the internal buffer size is not computed correctly, which can cause an nscd daemon crash or allow code execution as the user running nscd. The vulnerability is tied to glibc versions prior to 2.20. Several adv...
CVE-2013-2207
CVE-2013-2207: In the GNU C Library (glibc), pt_chown() can bypass security restrictions due to improper permission checks, allowing a local attacker to access other users’ pseudoterminals. The vulnerability affects glibc versions before 2.18. IBM advisories (FSM, IMM2, AMM) reference CVE-2013-22...
CVE-2018-6551
CVE-2018-6551 concerns the GNU C Library (glibc) malloc implementation with arguments near SIZE_MAX, causing heap corruption due to an integer overflow. Affected are glibc versions 2.24–2.26 on powerpc and 2.26 on i386. IBM advisories (IMM2, DSA Preboot, AMM) reference CVE-2018-6551 and describe ...
CVE-2012-4412
CVE-2012-4412 affects the GNU C Library (glibc) up to and including version 2.17. The issue is an integer overflow in string/strcoll_l.c that can be triggered by a long string, leading to a heap-based buffer overflow. This can cause a denial of service (crash) and, per the description, may allow ...
CVE-2009-5029
CVE-2009-5029 stems from an integer overflow in glibc's __tzfile_read, affecting glibc versions prior to 2.15. The issue allows context-dependent attackers to crash the process (DoS) and potentially execute arbitrary code via a crafted timezone (TZ) file, with demonstrations reported using vsftpd...
CVE-2010-4052
Vulnerability: GNU C Library (glibc/libc6) regcomp contains a stack-consumption DoS flaw. Affects versions up to 2.11.3 and 2.12.x up to 2.12.2. Attackers can exhaust resources via crafted regular expressions with adjacent repetition operators, as shown by the proftpd.gnu.c exploit. The connected...
CVE-2015-8982
CVE-2015-8982 maps to an Integer Overflow in glibc’s strxfrm (pre-2.21) that could trigger a stack-based overflow, crash, or possible code execution. In the provided data, affected product is Cloud Pak for Security (CP4S) version 1.8.0.0, 1.8.1.0. Remediation = upgrade to CP4S 1.9.0.0 per IBM gui...
CVE-2012-3480
CVE-2012-3480 affects the GNU C Library (glibc/eglibc). Reports in connected documents describe multiple integer overflows in parser/conversion routines (strtod, strtof, strtold, strtod_l, and related functions) that can enable a local user to cause an application crash or possibly execute arbitr...
CVE-2012-6656
CVE-2012-6656 affects GNU C Library (glibc) iconvdata/ibm930.c, where iconv converting IBM930 to UTF-8 can trigger an out-of-bounds read by a multibyte value 0xffff. This is a context-dependent denial-of-service vulnerability. The description indicates the issue exists in glibc before version 2.1...
CVE-2019-6488
CVE-2019-6488 affects the GNU C Library (glibc) on x32, where the assembly path for size_t incorrectly uses a 64-bit register. This discrepancy can cause a crash in __memmove_avx_unaligned_erms during memcpy, leading to a segmentation fault or potentially other impact as described in the vulnerab...
CVE-2013-4788
CVE-2013-4788 affects glibc (GNU C Library) up to version 2.4/2.17 and EGLIBC; PTR_MANGLE does not initialize the random value for the pointer guard, enabling context-dependent attackers to influence control flow via a buffer-overflow in an application. Affected components: PTR_MANGLE implementat...
CVE-2017-15671
CVE-2017-15671 applies to the GNU C Library (glibc) glob implementation: when invoked with GLOB_TILDE, memory could fail to be freed during ~ expansion for very long usernames, potentially causing a denial of service via memory leak. Affected: glibc versions before 2.27. The connected documents d...
CVE-2025-15281
CVE-2025-15281 concerns the GNU C Library (glibc). The issue arises when wordexp is used with WRDE_REUSE together with WRDE_APPEND, which can cause we_wordv to be returned with uninitialized memory. On subsequent wordfree calls this memory state may trigger a process abort. The CVE is reflected i...
CVE-2015-20109
CVE-2015-20109 is a glibc (GNU C Library) local denial-of-service issue tied to end_pattern usage in internal_fnmatch, potentially causing application crashes when fnmatch is used with the (!()) pattern. The description specifies affected component (glibc) and version class (before 2.22). Public ...
CVE-2015-8984
CVE-2015-8984 affects IBM Cloud Pak for Security (CP4S). The CP4S remediation bulletin confirms CP4S versions 1.8.1.0, 1.8.0.0 and 1.7.2.0 contain the glibc fnmatch out-of-bounds read vulnerability described in the CVE (context-dependent denial-of-service via malformed pattern). The documented fi...
CVE-2010-0830
CVE-2010-0830 describes an integer signedness error in the GNU C Library’s dynamic linker component ld.so, specifically in elf_get_dynamic_info. The vulnerability affects glibc versions 2.0.1 through 2.11.1, and is triggered when using the --verify option. A crafted ELF binary with a negative d_t...
CVE-2011-1095
Summary of CVE-2011-1095 (glibc locale quoting issue) : The vulnerability affects locale/programs/locale.c in the GNU C Library (glibc/libc6) prior to version 2.13. The code does not properly quote its output, which might allow local users to gain privileges via a crafted localization environment...
CVE-2012-4424
CVE-2012-4424 is a stack-based buffer overflow in glibc's strcoll_l.c (glibc/ libc6) 2.17 and earlier. The description states that a long string could trigger a malloc failure and use of alloca, enabling context-dependent attackers to cause a denial of service (crash) or potentially execute arbit...
CVE-2004-1453
CVE-2004-1453 affects the GNU C Library (glibc). The issue arises when LD_DEBUG, LD_SHOW_AUXV, and LD_DYNAMIC_WEAK are not restricted for setuid programs, allowing a local attacker to obtain sensitive information (e.g., the program’s symbol list). This is a local information disclosure vulnerabil...
CVE-2010-4051
CVE-2010-4051 : The regcomp implementation in the GNU C Library (glibc/libc6) allows context-dependent attackers to cause a denial of service (application crash) via a regex containing adjacent bounded repetitions that bypass the RE_DUP_MAX limit. Affected versions include up to 2.11.3 and 2.12.x...
CVE-2011-1658
CVE-2011-1658 affects the GNU C Library (glibc) ld.so: when RPATH consists entirely of the special token $ORIGIN, it can enable local privilege escalation by linking a crafted LD_PRELOAD with a setuid/setgid program. Affected are glibc versions 2.13 and earlier. The root cause is expansion of the...
CVE-2017-17426
CVE-2017-17426 affects the GNU C Library (glibc/libc6) up to version 2.26. The heap overflow arises from an integer overflow check missing in the per-thread cache (tcache) path when allocating an object near SIZE_MAX, potentially allowing code execution. Exploitation details are not provided in t...
CVE-2010-0015
CVE-2010-0015 affects the GNU C Library (glibc) and Embedded GLIBC (EGLIBC): in glibc 2.7 and EGLIBC 2.10.2, the NIS path (passwd.adjunct.byname) can cause getpwnam() to reveal encrypted NIS passwords. The connected advisories (Ubuntu USN-1396-1, SUSE patches) document this vulnerability and prov...
CVE-2009-5064
CVE-2009-5064 concerns glibc
CVE-1999-0199
CVE-1999-0199 affects glibc prior to 2.2. The issue is a missing statement about the unspecified tdelete return value when deleting a tree’s root, which could let an attacker access a dangling pointer in affected applications. Affected: glibc before 2.2. Remediation: upgrade to a version with the...
CVE-2016-6323
The CVE-2016-6323 issue affects GNU C Library (glibc) on ARM EABI (32-bit): makecontext creates execution contexts incompatible with the unwinder, potentially allowing a context-dependent attacker to cause a denial of service (hang) in apps (notably gccgo). The vulnerability is fixed in glibc 2.2...
CVE-2017-8804
CVE-2017-8804 affects glibc (libc6) 2.25 and permits denial of service via crafted UDP packets to port 111 due to mishandled failures in xdr_bytes/xdr_string during buffer deserialization. It is related to CVE-2017-8779 (RPC/BIND) which in other sources is described as a memory-exhaustion vulnera...
CVE-2016-5417
CVE-2016-5417 affects GNU C Library (glibc/libc6): memory leak in the __res_vinit function of the IPv6 DNS resolver management code (libresolv) prior to version 2.24 can be exploited remotely to cause denial of service via memory exhaustion. Publicly available connected advisories confirm the iss...
CVE-2002-1146
The CVE-2002-1146 issue affects BIND 4 and BIND 8.2.x stub resolver libraries, and older glibc/libc/libresolv components (e.g., glibc ≤ 2.2.5) which use the maximum buffer size instead of the actual DNS response size, causing a read buffer overflow. This can enable a remote attacker to cause a de...
CVE-2009-4881
CVE-2009-4881 is a glibc (GNU C Library) vulnerability describing an integer overflow in the __vstrfmon_l function of strfmon_l.c, prior to glibc-2.10.1. The connected advisories (Gentoo GLSA-201011-01, openSUSE/SUSE updates) group it with several related glibc flaws (CVE-2008-1391, 2010-0296, 20...
CVE-2002-0684
CVE-2002-0684 describes a buffer overflow in the DNS resolver logic used by BIND 4.9.8 and ported to glibc 2.2.5 and earlier. The flaw occurs in resolver/DNS name resolution (getnetbyname/getnetbyaddr) and can allow a remote attacker sending crafted DNS responses to execute arbitrary code. Severa...
CVE-2011-2702
CVE-2011-2702 is a signedness error in Glibc before 2.13 and eglibc before 2.13. When SSSE3 optimization is enabled, a negative length parameter to memcpy-ssse3-rep.S, memcpy-ssse3.S, or memset-sse2.S in sysdeps/i386/i686/multiarch/ can trigger an out-of-bounds read, allowing context-dependent at...
CVE-2011-4609
CVE-2011-4609 affects the GNU C Library (glibc) prior to 2.15. The vulnerability is in the svc_run function used by the RPC implementation, allowing remote attackers to cause a denial of service via a large number of RPC connections. The issue is documented with a CVSS v2 base score of 5.0 (Mediu...
CVE-2005-3590
The CVE-2005-3590 issue affects the GNU C Library (glibc) prior to 2.3.5, where getgrouplist, when invoked with a zero argument, writes to the provided pointer even if the array size is zero. This results in a buffer overflow and can lead to memory corruption. Affected component: glibc function g...
CVE-2002-1265
CVE-2002-1265 is evidenced in HP-UX RPC-related DoS advisories; OpenVAS/Nessus entries (PHNE_30091/30092/30093/30094, and PHKL_31500) reference CVE-2002-1265 as the RPC/HP-UX RPC DoS issue. Patches exist (HPSBUX01020 SSRT2384, etc.; PHKL_31500 consolidates fixes) addressing remote DoS via HP-UX R...
CVE-2011-1659
CVE-2011-1659 is a vulnerability in the GNU C Library (glibc) prior to 2.13 where an integer overflow in posix/fnmatch.c can be triggered by long UTF-8 strings used in an fnmatch call, potentially causing an application crash (denial of service). Connected advisories (e.g., F5 BIG-IP SOL09408132)...
CVE-2025-5745
CVE-2025-5745 concerns the GNU C Library (glibc) 2.40 and later, where the Power10-optimized strcmp/strncmp implementation writes to non-volatile vector registers v20–v31 without saving caller contents (per powerpc64le ABI). This can overwrite the caller’s registers, potentially changing control ...
CVE-2011-5320
CVE-2011-5320 affects the GNU C Library (glibc) where scanf and related input functions are vulnerable in versions prior to 2.15. A crafted large string of 0s can trigger a local denial of service (segmentation fault). The impact is limited to local attackers with access to the system and is not ...
CVE-2003-0859
CVE-2003-0859 : Affected GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages to the kernel netlink interface via getifaddrs. Public advisories (Red Hat RHSA-2003:334/325, Fedora, OpenBSD/OpenPKG, SUSE, Slackware, etc.) describe the issue ...
CVE-2004-1382
CVE-2004-1382 affects glibc 2.3.4 and earlier via the glibcbug script, enabling a local symlink attack to overwrite arbitrary files in temporary locations. The root cause is the insecure handling of temporary files by the glibcbug script, with published advisories (e.g., CAN-2004-1382 and related...