Glibc@* Security Vulnerabilities and Issues — Glibc@* CVE List

Lucene search

GnuGlibc*

10 matches found

CVE•added 2013/04/29 10:55 p.m.•123 views

CVE-2013-1914

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.

5CVSS7.4AI score0.03104EPSS

CVE•added 2013/12/12 6:55 p.m.•121 views

CVE-2013-4458

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. N...

5CVSS7.7AI score0.03104EPSS

CVE•added 2013/10/09 10:55 p.m.•100 views

CVE-2013-4332

Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc function...

4.3CVSS7.1AI score0.01634EPSS

CVE•added 2013/10/09 10:55 p.m.•94 views

CVE-2013-4237

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.

6.8CVSS7.8AI score0.01422EPSS

CVE•added 2013/05/02 2:55 p.m.•86 views

CVE-2009-5029

Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.

6.8CVSS8.6AI score0.02765EPSS

CVE•added 2013/10/09 10:55 p.m.•86 views

CVE-2013-2207

pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.

2.6CVSS8AI score0.00071EPSS

CVE•added 2013/10/09 10:55 p.m.•84 views

CVE-2012-4412

Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.

7.5CVSS8AI score0.20081EPSS

CVE•added 2013/10/04 5:55 p.m.•81 views

CVE-2013-4788

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vul...

5.1CVSS7.2AI score0.0756EPSS

CVE•added 2013/10/09 10:55 p.m.•77 views

CVE-2012-4424

Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.

5.1CVSS7.9AI score0.00608EPSS

CVE•added 2013/05/02 2:55 p.m.•59 views

CVE-2011-4609

The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.

5CVSS8.5AI score0.00727EPSS