Glibc@2.3.3 Security Vulnerabilities and Issues — Glibc@2.3.3 CVE List

Lucene search

GnuGlibc2.3.3

15 matches found

CVE•added 2011/01/07 7:0 p.m.•193 views

CVE-2010-3856

ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located i...

7.2CVSS7.4AI score0.06747EPSS

CVE•added 2013/04/29 10:55 p.m.•123 views

CVE-2013-1914

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.

5CVSS7.4AI score0.03104EPSS

CVE•added 2011/01/07 7:0 p.m.•109 views

CVE-2010-3847

elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrar...

6.9CVSS8.7AI score0.05524EPSS

CVE•added 2010/06/01 8:30 p.m.•98 views

CVE-2009-4880

Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to ...

5CVSS6.2AI score0.20122EPSS

CVE•added 2011/04/08 3:17 p.m.•97 views

CVE-2011-1071

The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to C...

5.1CVSS9.2AI score0.05656EPSS

CVE•added 2005/02/09 5:0 a.m.•89 views

CVE-2004-0968

The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.

2.1CVSS5.8AI score0.00072EPSS

CVE•added 2011/04/10 2:55 a.m.•85 views

CVE-2011-1089

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMI...

3.3CVSS8.3AI score0.00107EPSS

CVE•added 2010/06/01 8:30 p.m.•84 views

CVE-2010-0296

The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mou...

7.2CVSS7.6AI score0.00107EPSS

CVE•added 2005/02/13 5:0 a.m.•74 views

CVE-2004-1453

GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.

2.1CVSS6AI score0.00078EPSS

CVE•added 2011/04/10 2:55 a.m.•73 views

CVE-2011-1095

locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.

6.2CVSS7.6AI score0.00087EPSS

CVE•added 2010/06/01 8:30 p.m.•71 views

CVE-2010-0830

Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative va...

5.1CVSS8.4AI score0.06829EPSS

CVE•added 2011/04/08 3:17 p.m.•71 views

CVE-2011-1658

ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this...

3.7CVSS8AI score0.05524EPSS

CVE•added 2010/06/01 8:30 p.m.•67 views

CVE-2009-4881

Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999...

5CVSS6.4AI score0.20122EPSS

CVE•added 2005/02/06 5:0 a.m.•57 views

CVE-2004-1382

The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968.

2.1CVSS6.1AI score0.00087EPSS

CVE•added 2011/04/08 3:17 p.m.•55 views

CVE-2011-1659

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than C...

5CVSS7.5AI score0.05656EPSS