Lucene search

UbuntuUSN-6736-2

HistoryMay 23, 2024 - 12:00 a.m.

klibc vulnerabilities

2024-05-2300:00:00

ubuntu.com

ubuntu 24.04 lts

klibc

zlib

pointer arithmetic

memory handling

vulnerability

execute arbitrary code

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

Releases

Ubuntu 24.04 LTS

Packages

klibc - small utilities built with klibc for early boot

Details

USN-6736-1 fixed vulnerabilities in klibc. This update provides the
corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

It was discovered that zlib, vendored in klibc, incorrectly handled pointer
arithmetic. An attacker could use this issue to cause klibc to crash or to
possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841)

Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled
memory when performing certain deflating operations. An attacker could use
this issue to cause klibc to crash or to possibly execute arbitrary code.
(CVE-2018-25032)

Evgeny Legerov discovered that zlib, vendored in klibc, incorrectly handled
memory when performing certain inflate operations. An attacker could use
this issue to cause klibc to crash or to possibly execute arbitrary code.
(CVE-2022-37434)

OSVersionArchitecturePackageVersionFilename
Ubuntu24.04noarchklibc-utils< 2.0.13-4ubuntu0.1UNKNOWN
Ubuntu24.04noarchklibc-utils-dbgsym< 2.0.13-4ubuntu0.1UNKNOWN
Ubuntu24.04noarchlibklibc< 2.0.13-4ubuntu0.1UNKNOWN
Ubuntu24.04noarchlibklibc-dbgsym< 2.0.13-4ubuntu0.1UNKNOWN
Ubuntu24.04noarchlibklibc-dev< 2.0.13-4ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	24.04	noarch	klibc-utils	< 2.0.13-4ubuntu0.1	UNKNOWN
Ubuntu	24.04	noarch	klibc-utils-dbgsym	< 2.0.13-4ubuntu0.1	UNKNOWN
Ubuntu	24.04	noarch	libklibc	< 2.0.13-4ubuntu0.1	UNKNOWN
Ubuntu	24.04	noarch	libklibc-dbgsym	< 2.0.13-4ubuntu0.1	UNKNOWN
Ubuntu	24.04	noarch	libklibc-dev	< 2.0.13-4ubuntu0.1	UNKNOWN