from 0, < 2.31-13+deb11u7
from 0, < 2.31-13+deb11u7
CRITICAL 9.8: Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format…
from 0
CRITICAL 9.8: The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname ar…
from 0, < 2.31-13+deb11u3
CRITICAL 9.8: The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path arg…
from 0, < 2.31-13+deb11u3
CRITICAL 9.8: The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free.
from 0, < 2.31-13+deb11u3
CRITICAL 9.8: manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion o…
from 0, < 2.2-1
CRITICAL 9.8: GNU Libc current is affected by: Mitigation bypass.
from 0
CRITICAL 9.8: The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointe…
from 0, < 2.3.5-3
CRITICAL 9.8: In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attem…
from 0, < 2.28-9
CRITICAL 9.8: stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realp…
from 0, < 2.27-4
CRITICAL 9.8: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or…
from 0, < 2.27-3
CRITICAL 9.8: The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386…
from 0, < 2.27-1
CRITICAL 9.8: An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and ea…
from 0, < 2.27-1
CRITICAL 9.8: The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user name…
from 0, < 2.25-3
CRITICAL 9.8: The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob functio…
from 0, < 2.25-3
CRITICAL 9.8: nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processin…
from 0, < 2.19-14
CRITICAL 9.8: Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attacker…
from 0, < 2.21-7
CRITICAL 9.8: Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (app…
from 0, < 2.21-8
CRITICAL 9.8: eglibc - security update
from 0, < 2.23-1
CRITICAL 9.8: acm - integer overflow
from 0, < 2.2.5-11.1
CRITICAL 9.8: acm - integer overflow
from 0, < 2.2.5-13
CRITICAL 9.1: The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) w…
from 0, < 2.31-13
CRITICAL 9.1: The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service…
from 0, < 2.21-7
HIGH 8.8: GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file.
from 0
HIGH 8.4: Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.…
from 0
HIGH 8.4: pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the eglibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and be…
from 0, < 2.21-1
HIGH 8.1: glibc - security update
from 0, < 2.31-13+deb11u10
HIGH 8.1: glibc - security update
from 0, < 2.28-10+deb10u4
HIGH 8.1: glibc - security update
from 0, < 2.31-13+deb11u10
HIGH 8.1: An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000.
from 0, < 2.31-2
HIGH 8.1: Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-…
from 0, < 2.21-1
HIGH 8.1: Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause…
from 0, < 2.21-1
HIGH 8.1: glibc - security update
from 0, < 2.19-18+deb8u3
HIGH 8.1: glibc - security update
from 0, < 2.21-8
HIGH 7.8: glibc - security update
from 0, < 2.31-13+deb11u13
HIGH 7.8: glibc - security update
from 0, < 2.31-13+deb11u13
HIGH 7.8: glibc - security update
from 0, < 2.36-9+deb12u4
HIGH 7.8: glibc - security update
from 0, < 2.36-9+deb12u4
HIGH 7.8: A flaw was found in glibc.
from 0, < 2.31-13+deb11u4
HIGH 7.8: The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to…
from 0, < 2.28-6
HIGH 7.8: An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyon…
from 0, < 2.27-4
HIGH 7.8: A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable.
from 0, < 2.25-5
HIGH 7.8: In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffe…
from 0, < 2.26-4
HIGH 7.8: elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged…
from 0, < 2.25-6
HIGH 7.8: glibc - security update
from 0, < 2.19-18+deb8u10
HIGH 7.8: glibc - security update
from 0, < 2.24-12
HIGH 7.5: Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and…
from 0
HIGH 7.5: The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the I…
from 0
HIGH 7.5: Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library vers…
from 0, < 2.36-9+deb12u14
HIGH 7.5: Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to…
from 0
HIGH 7.5: Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries fo…
from 0
HIGH 7.5: An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library.
from 0, < 2.36-9+deb12u4
HIGH 7.5: A flaw was found in the GNU C Library.
from 0, < 2.37-11
HIGH 7.5: A flaw was found in glibc.
from 0, < 2.33-4
HIGH 7.5: In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character vi…
from 0, < 2.31-13+deb11u3
HIGH 7.5: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3…
from 0, < 2.31-10
HIGH 7.5: sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input…
from 0, < 2.23-1
HIGH 7.5: In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demon…
from 0
HIGH 7.5: In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demon…
from 0
HIGH 7.5: In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to c…
from 0, < 2.28-1
HIGH 7.5: In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation…
from 0, < 2.28-1
HIGH 7.5: res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process cras…
from 0, < 2.24-9
HIGH 7.5: Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2…
from 0, < 2.22-4
HIGH 7.5: The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on…
from 0, < 2.24-1
HIGH 7.5: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows rem…
from 0, < 2.22-8
HIGH 7.5: Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows cont…
from 0, < 2.22-6
HIGH 7.5: eglibc - security update
from 0, < 2.22-8
HIGH 7.4: nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory w…
from 0, < 2.31-13+deb11u10
HIGH 7.3: The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-suppli…
from 0
HIGH 7.3: nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc o…
from 0, < 2.31-13+deb11u10
HIGH 7.3: glibc - security update
from 0, < 2.31-13+deb11u9
HIGH 7.3: glibc - security update
from 0, < 2.31-13+deb11u9
HIGH 7.3: glibc - security update
from 0, < 2.28-10+deb10u3
HIGH 7.0: A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out.
from 0, < 2.30-3
HIGH 7.0: An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC.
from 0, < 2.30-3
HIGH 7.0: A buffer overflow in glibc 2.5 (released on September 29, 2006) can be triggered through the LD_LIBRARY_PATH environment variable.
from 0, < 2.25-5
MEDIUM 6.5: The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA conten…
from 0
MEDIUM 6.5: A flaw was found in glibc.
from 0, < 2.36-9+deb12u3
MEDIUM 6.2: Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under h…
from 0, < 2.36-9
MEDIUM 6.2: glibc - security update
from 0, < 2.31-13+deb11u12
MEDIUM 6.2: glibc - security update
from 0, < 2.31-13+deb11u12
MEDIUM 6.2: eglibc - security update
from 0, < 2.15
MEDIUM 5.9: nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup respon…
from 0, < 2.31-13+deb11u10
MEDIUM 5.9: A flaw has been identified in glibc.
from 0
MEDIUM 5.9: A flaw has been identified in glibc.
from 0
MEDIUM 5.9: The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR…
from 0, < 2.31-9
MEDIUM 5.9: The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocat…
from 0, < 2.25-3
MEDIUM 5.9: Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows…
from 0, < 2.24-15
MEDIUM 5.9: The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP r…
from 0, < 2.25-1
MEDIUM 5.9: The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (asse…
from 0, < 2.28-1
MEDIUM 5.9: The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of ser…
from 0, < 2.21-1
MEDIUM 5.9: glibc - security update
from 0, < 2.31-3
MEDIUM 5.9: glibc - security update
from 0, < 2.28-10+deb10u2
MEDIUM 5.9: libtirpc - security update
from 0, < 2.22-10
MEDIUM 5.6: The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 t…
from 0, < 2.41-9
MEDIUM 5.6: The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to…
from 0, < 2.41-9
MEDIUM 5.5: end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to…
from 0, < 2.22-1
MEDIUM 5.5: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM136…
from 0, < 2.31-5
MEDIUM 5.5: The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long d…
from 0, < 2.30-1