Glibc Security Vulnerabilities and Issues — Glibc CVE List

Lucene search

GnuGlibc

9 matches found

CVE•added 2024/05/06 8:15 p.m.•6459 views

CVE-2024-33599

nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added...

8.1CVSS8.4AI score0.00578EPSS

CVE•added 2024/01/31 2:15 p.m.•389 views

CVE-2023-6246

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename ...

8.4CVSS7.7AI score0.2501EPSS

CVE•added 2024/01/31 2:15 p.m.•285 views

CVE-2023-6779

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of...

8.2CVSS7.7AI score0.00559EPSS

CVE•added 2016/02/18 9:59 p.m.•255 views

CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a...

8.1CVSS8.4AI score0.93421EPSS

CVE•added 2019/07/15 4:15 a.m.•209 views

CVE-2019-1010023

GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream ...

8.8CVSS7.8AI score0.00703EPSS

CVE•added 2020/04/01 10:15 p.m.•157 views

CVE-2020-6096

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker...

8.1CVSS8AI score0.04284EPSS

CVE•added 2017/03/20 4:59 p.m.•87 views

CVE-2015-8983

Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which ...

8.1CVSS8AI score0.00647EPSS

CVE•added 2017/12/05 5:29 p.m.•77 views

CVE-2017-17426

The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feat...

8.1CVSS8.5AI score0.00358EPSS

CVE•added 2017/03/15 7:59 p.m.•75 views

CVE-2015-8982

Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

8.1CVSS7.2AI score0.0131EPSS