Glibc@* Security Vulnerabilities and Issues — Glibc@* CVE List

Lucene search

GnuGlibc*

7 matches found

CVE•added 2020/03/04 3:15 p.m.•423 views

CVE-2020-10029

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee7...

5.5CVSS6.4AI score0.00044EPSS

CVE•added 2020/12/06 12:15 a.m.•340 views

CVE-2020-29573

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00...

7.5CVSS7.6AI score0.001EPSS

CVE•added 2020/04/17 7:15 p.m.•261 views

CVE-2020-1751

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest thr...

7CVSS7AI score0.00205EPSS

CVE•added 2020/04/30 5:15 p.m.•220 views

CVE-2020-1752

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially c...

7CVSS7.1AI score0.00152EPSS

CVE•added 2020/12/04 7:15 a.m.•210 views

CVE-2020-29562

The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

4.8CVSS5.9AI score0.00056EPSS

CVE•added 2020/04/01 10:15 p.m.•157 views

CVE-2020-6096

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker...

8.1CVSS8AI score0.04284EPSS

CVE•added 2020/10/06 1:15 p.m.•68 views

CVE-1999-0199

manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999.

9.8CVSS9.3AI score0.00677EPSS