Glibc@* Security Vulnerabilities and Issues — Glibc@* CVE List

Lucene search

GnuGlibc*

10 matches found

CVE•added 2019/11/19 10:15 p.m.•342 views

CVE-2019-19126

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR...

3.3CVSS4.8AI score0.00016EPSS

CVE•added 2019/01/21 7:29 p.m.•331 views

CVE-2016-10739

In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possi...

5.3CVSS5AI score0.00038EPSS

CVE•added 2019/02/26 2:29 a.m.•318 views

CVE-2019-9169

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

9.8CVSS9.3AI score0.1003EPSS

CVE•added 2019/02/26 6:29 p.m.•235 views

CVE-2019-9192

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\1\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior...

7.5CVSS5.2AI score0.01996EPSS

CVE•added 2019/02/26 2:29 a.m.•197 views

CVE-2009-5155

In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.

7.5CVSS6.9AI score0.01374EPSS

CVE•added 2019/02/26 2:29 a.m.•163 views

CVE-2018-20796

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\1\1|t1|\\2537)+' in grep.

7.5CVSS5.2AI score0.01996EPSS

CVE•added 2019/02/03 2:29 a.m.•132 views

CVE-2019-7309

In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

5.5CVSS5.6AI score0.0013EPSS

CVE•added 2019/01/18 7:29 p.m.•86 views

CVE-2019-6488

The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in _...

7.8CVSS5.6AI score0.00099EPSS

CVE•added 2019/04/10 8:29 p.m.•65 views

CVE-2005-3590

The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.

9.8CVSS9.6AI score0.00492EPSS

CVE•added 2019/04/10 8:29 p.m.•48 views

CVE-2006-7254

The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.

5.5CVSS5.3AI score0.00042EPSS