Lucene search
K
GnuGlibc

163 matches found

CVE
CVE
added 2001/01/22 5:0 a.m.65 views

CVE-2000-0824

The CVE-2000-0824 issue involves glibc 2.1.1 unsetenv(): when a variable appears twice in the environment, the value may not be properly removed, enabling a local attacker to influence setuid programs with duplicate variables (e.g., LD_PRELOAD, LD_LIBRARY_PATH) and potentially execute code as roo...

7.2CVSS7.1AI score0.01232EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.60 views

CVE-2000-0335

The CVE-2000-0335 issue affects the resolver in glibc 2.1.3 , which uses predictable IDs. This design allows a local attacker to cause DNS query spoofing by manipulating IDs, undermining DNS query integrity. The vulnerability’s impact is described as the ability to spoof results, with a base CVSS...

7.5CVSS6.6AI score0.01586EPSS
CVE
CVE
added 2019/04/10 7:52 p.m.60 views

CVE-2006-7254

The CVE concerns the nscd daemon in the GNU C Library (glibc) prior to 2.5. The vulnerability arises because nscd does not close incoming client sockets that it cannot handle, enabling local users to perform a denial of service against the daemon. Affected component: nscd within glibc (before 2.5...

5.5CVSS5.3AI score0.00305EPSS
CVE
CVE
added 2010/10/12 9:0 p.m.60 views

CVE-2010-3192

CVE-2010-3192 affects the GNU C Library (glibc) and concerns runtime memory protection that prints argv[0] and backtrace data, potentially allowing a context-dependent attacker to read sensitive process memory. The description references a setuid program with a stack-based overflow (fortify_fail/...

5CVSS6.8AI score0.01606EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.49 views

CVE-2000-0959

CVE-2000-0959 concerns glibc2/ld.so: the loader does not clear LD_DEBUG_OUTPUT and LD_DEBUG before invoking programs from a setuid context. This can enable a local attacker to exploit a symlink to overwrite arbitrary files. Concrete details exist in CERT/CC reports (Debian advisory) describing th...

1.2CVSS6.3AI score0.00303EPSS
CVE
CVE
added 2026/01/14 9:1 p.m.48 views

CVE-2026-0861

GLIBC memalign family (memalign, posix_memalign, aligned_alloc) in GNU C Library versions 2.30–2.42 is affected by an integer overflow when an input alignment is too large and the size argument is near PTRDIFF_MAX, which can lead to heap corruption. Exploitation requires the attacker to control b...

8.4CVSS6.6AI score0.00352EPSS
CVE
CVE
added 2026/03/20 7:59 p.m.44 views

CVE-2026-4437

CVE-2026-4437 concerns glibc’s DNS response parsing. According to the initial document, calling gethostbyaddr/gethostbyaddr_r with a configured nsswitch.conf DNS backend in GNU C Library versions 2.34–2.43 can yield a crafted DNS response that violates the DNS specification, causing the applicati...

7.5CVSS5.8AI score0.00292EPSS
CVE
CVE
added 2026/04/20 8:37 p.m.42 views

CVE-2026-5928

CVE-2026-5928 affects glibc’s ungetwc on FILE streams with wide characters where overlaps between single-byte and multi-byte encodings occur, in version 2.43 or earlier. A bug in the wide character pushback (_IO_wdefault_pbackfail) causes ungetwc() to operate on the regular input buffer (fp->_...

7.5CVSS6AI score0.00345EPSS
CVE
CVE
added 2026/03/20 7:59 p.m.38 views

CVE-2026-4438

The CVE-2026-4438 issue affects the GNU C Library (glibc) gethostbyaddr/gethostbyaddr_r when NSSwitch DNS backend is configured; versions 2.34–2.43 may return invalid DNS hostnames. Impact per sources is a DNS-spec violation; no exploitation details are provided in the documents. A patched versio...

5.4CVSS5.8AI score0.00189EPSS
CVE
CVE
added 2026/04/28 11:58 a.m.37 views

CVE-2026-5435

CVE-2026-5435 affects the GNU C Library (glibc) where deprecated functions for printing TSIG records (ns_printrrf, ns_printrr, fp_nquery) do not respect caller buffer lengths, enabling an out-of-bounds write in versions 2.2 and newer. This can lead to a denial of service and, in some scenarios, p...

7.3CVSS5.5AI score0.00197EPSS
CVE
CVE
added 2026/01/15 10:8 p.m.36 views

CVE-2026-0915

CVE-2026-0915 concerns glibc’s DNS handling: uninitialized stack buffer used as DNS query name when net==0 can leak stack contents to the DNS resolver. Connected advisories indicate affected packages (glibc) with fixes in versions >= 2.35-9 (e.g., SUSE/OpenSUSE, Ubuntu, Rocky Linux, AlmaLinux,...

7.5CVSS6.4AI score0.00564EPSS
CVE
CVE
added 2026/03/11 1:19 p.m.33 views

CVE-2026-3904

The CVE-2026-3904 issue affects the GNU C Library (GLIBC) v2.36 on x86_64 where memcmp, used by an NSS-backed path accessing nscd client code, may operate on inputs concurrently modified by other threads. This undefined behavior could crash the nscd client and dependent applications. The vulnerab...

6.2CVSS5.8AI score0.00146EPSS
CVE
CVE
added 2026/04/28 4:43 p.m.29 views

CVE-2026-6238

GLIBC: The deprecated debugging functions ns_printrrf, ns_printrr and fp_nquery in GNU C Library (glibc) 2.2 and newer fail to validate RDATA against its length for DNS LOC, CERT, TKEY or TSIG records. This may let an attacker craft a DNS response that crashes a target application or reads uninit...

6.5CVSS5.8AI score0.00311EPSS
Total number of security vulnerabilities163