Glibc Security Vulnerabilities and Issues — Glibc CVE List

Lucene search

GnuGlibc

9 matches found

CVE•added 2018/01/31 2:29 p.m.•315 views

CVE-2018-1000001

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

7.8CVSS8.8AI score0.47736EPSS

CVE•added 2018/02/01 2:29 p.m.•274 views

CVE-2018-6485

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

9.8CVSS8.4AI score0.00663EPSS

CVE•added 2018/05/18 4:29 p.m.•200 views

CVE-2018-11236

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

9.8CVSS8.8AI score0.00827EPSS

CVE•added 2018/05/18 4:29 p.m.•170 views

CVE-2018-11237

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

7.8CVSS7.7AI score0.00809EPSS

CVE•added 2018/02/01 4:29 a.m.•163 views

CVE-2017-1000409

A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.

7CVSS7AI score0.07151EPSS

CVE•added 2018/02/01 4:29 a.m.•141 views

CVE-2017-1000408

A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.

7.8CVSS6.7AI score0.07151EPSS

CVE•added 2018/05/18 4:29 p.m.•123 views

CVE-2017-18269

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in...

9.8CVSS8.5AI score0.01192EPSS

CVE•added 2018/02/02 2:29 p.m.•93 views

CVE-2018-6551

The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually l...

9.8CVSS8.3AI score0.00442EPSS

CVE•added 2018/12/04 4:29 p.m.•89 views

CVE-2018-19591

In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.

7.5CVSS6.1AI score0.00881EPSS