24 matches found
CVE-2023-4813
CVE-2023-4813 is a glibc flaw where gaih_inet may use freed memory, causing an application crash. It is exploitable when getaddrinfo is called and NSS/hosts database uses SUCCESS=continue or SUCCESS=merge. Public documentation confirms the issue and tracks it alongside other CVEs (e.g., CVE-2023-...
CVE-2020-10029
CVE-2020-10029 affects the GNU C Library (glibc) up to version 2.31.x, with an on‑stack buffer overflow during range reduction for 80‑bit long double inputs containing non‑canonical bit patterns on x86 targets. The issue is tied to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c and can occur when an input ...
CVE-2021-35942
CVE-2021-35942 affects the GNU C Library (glibc) wordexp in posix/wordexp.c. The root cause is an integer/regex handling issue caused by using atoi instead of strtoul, which can lead to an out-of-bounds read or memory access. Exploitation can crash the process or cause information disclosure (DoS...
CVE-2019-19126
CVE-2019-19126 affects glibc on x86-64 where LD_PREFER_MAP_32BIT_EXEC is not ignored after a security transition, enabling local attackers to bypass ASLR on setuid binaries by narrowing library address mappings. Public sources in connected documents confirm the issue exists in glibc versions befo...
CVE-2020-29573
CVE-2020-29573 affects the GNU C Library (glibc) on x86, where sysdeps/i386/ldbl2mpn.c allows a stack-based buffer overflow when a printf-family input is an 80-bit long double with a non-canonical pattern (example: 0x0004000000000000000000000000000000000004 passed to sprintf). Public notes indica...
CVE-2021-3999
CVE-2021-3999 is a glibc vulnerability: an off-by-one buffer overflow/underflow in getcwd() can corrupt memory when the destination buffer size is 1, enabling a local attacker in a setuid context to potentially escalate privileges. The connected advisories confirm this is a real issue across mult...
CVE-2022-23218
Summary: CVE-2022-23218 (glibc) is a stack-based buffer overflow in the sunrpc path handling function svcunix_create, allowing potential denial of service or arbitrary code execution if a stack protector is not present. The issue affects glibc up to version 2.34 per the description. Multiple conn...
CVE-2020-1751
CVE-2020-1751 summary (glibc): An out-of-bounds write vulnerability in glibc prior to 2.31 affects the backtrace handling for signal trampolines on PowerPC. The implementation did not properly bound-check the array when storing the frame address, leading to potential denial of service or code exe...
CVE-2022-23219
The CVE-2022-23219 entry is supported by concrete details in connected sources: glibc’s sunrpc clnt_create copies its hostname onto the stack without length validation (through glibc 2.34). This can cause a stack-based buffer overflow, leading to denial of service or, on systems without stack pro...
CVE-2010-4756
Technical details about CVE-2010-4756 are not provided in the connected documents. The Initial Description notes a glibc glob DoS via crafted expressions but lacks product/version/impact/fix specifics. Monitor for updates.
CVE-2020-1752
CVE-2020-1752 (glibc) is a use-after-free vulnerability in the tilde expansion path handling of glibc’s glob processing, originating in upstream version 2.14 and fixed in 2.32. The issue affects directory paths beginning with a tilde followed by a valid username and can be exploited by a local at...
CVE-2023-0687
CVE-2023-0687 affects GNU C Library (glibc) 2.38, specifically the __monstartup function in gmon.c of the Call Graph Monitor component. The issue enables a buffer overflow when handling an overly long input argument, with inputs described as addresses of the running application built with gmon en...
CVE-2009-5155
CVE-2009-5155 affects the GNU C Library (glibc) prior to 2.28. The vulnerability is in parse_reg_exp (posix/regcomp.c) where misparsing alternatives can cause a denial of service (assertion failure and process exit) or yield an incorrect match result. Affected products include glibc in systems us...
CVE-2016-4429
CVE-2016-4429: In glibc, a stack-based buffer overflow in sunrpc/clnt_udp.c:clntudp_call can be triggered by a flood of crafted ICMP/UDP packets, enabling a remote attacker to cause a denial of service (crash) and possibly other impact. Connected docs confirm the issue as a buffer overflow in the...
CVE-2013-7423
CVE-2013-7423: in glibc, the send_dg path can cause DNS queries to be written to unintended file descriptors under load, enabling local access to sensitive information. IBM advisories confirm affected products (e.g., DataPower Gateways, QRadar/NIPS contexts) and list concrete fixes: upgrade to fi...
CVE-2016-1234
CVE-2016-1234 affects the glibc glob implementation prior to 2.24, where a stack-based buffer overflow occurs when GLOB_ALTDIRFUNC is used with long names. This can crash the process (DoS). Remediation: upgrade glibc to 2.24 or newer (or apply vendor-specific patches). The CVE is corroborated by ...
CVE-2014-5119
CVE-2014-5119 is an off-by-one error in glibc’s gconv transliteration loading code (__gconv_translit_find, gconv_trans.c) that allows context-dependent attackers to crash or execute arbitrary code via crafted CHARSET environment variable input. Affected: glibc and related packages; impact: denial...
CVE-2015-8985
CVE-2015-8985 affects the GNU C Library (glibc). The vulnerability lies in pop_fail_stack, where an assertion failure can be triggered via vectors related to extended regular expression processing, enabling a context-dependent attacker to cause a denial of service (crash) in the affected applicat...
CVE-2016-3706
CVE-2016-3706 is a glibc (GNU C Library) vulnerability: a stack-based buffer overflow in sysdeps/posix/getaddrinfo.c:getaddrinfo can be triggered by hostent conversion and allows remote attackers to cause a denial of service (crash). The entry notes this issue stems from an incomplete fix for CVE...
CVE-2015-20109
CVE-2015-20109 is a glibc (GNU C Library) local denial-of-service issue tied to end_pattern usage in internal_fnmatch, potentially causing application crashes when fnmatch is used with the (!()) pattern. The description specifies affected component (glibc) and version class (before 2.22). Public ...
CVE-1999-0199
CVE-1999-0199 affects glibc prior to 2.2. The issue is a missing statement about the unspecified tdelete return value when deleting a tree’s root, which could let an attacker access a dangling pointer in affected applications. Affected: glibc before 2.2. Remediation: upgrade to a version with the...
CVE-2005-3590
The CVE-2005-3590 issue affects the GNU C Library (glibc) prior to 2.3.5, where getgrouplist, when invoked with a zero argument, writes to the provided pointer even if the array size is zero. This results in a buffer overflow and can lead to memory corruption. Affected component: glibc function g...
CVE-2010-3192
CVE-2010-3192 affects the GNU C Library (glibc) and concerns runtime memory protection that prints argv[0] and backtrace data, potentially allowing a context-dependent attacker to read sensitive process memory. The description references a setuid program with a stack-based overflow (fortify_fail/...
CVE-2006-7254
The CVE concerns the nscd daemon in the GNU C Library (glibc) prior to 2.5. The vulnerability arises because nscd does not close incoming client sockets that it cannot handle, enabling local users to perform a denial of service against the daemon. Affected component: nscd within glibc (before 2.5...