Product:

Glibc

(Gnu)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 114
Date ID Summary Products Score Patch
2019-11-19 CVE-2019-19126 On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. Glibc N/A
2003-03-25 CVE-2003-0028 Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. Unicos, Freebsd, Glibc, Hp\-Ux, Hp\-Ux_series_700, Hp\-Ux_series_800, Aix, Kerberos_5, Openafs, Openbsd, Irix, Solaris, Sunos N/A
2018-02-01 CVE-2018-6485 An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. Glibc, Cloud_backup, Data_ontap_edge, Element_software, Element_software_management, Steelstore_cloud_integrated_storage, Storage_replication_adapter, Vasa_provider, Virtual_storage_console, Communications_session_border_controller, Enterprise_communications_broker, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization_host 9.8
2019-02-26 CVE-2019-9192 ** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern. Glibc 7.5
2019-02-26 CVE-2018-20796 In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. Glibc, Cloud_backup, Ontap_select_deploy_administration_utility, Steelstore_cloud_integrated_storage 7.5
2019-11-04 CVE-2013-4412 slim has NULL pointer dereference when using crypt() method from glibc 2.17 Slim, Debian_linux, Glibc N/A
2019-07-15 CVE-2019-1010023 GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. Glibc 8.8
2017-10-20 CVE-2017-15671 The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). Glibc 5.9
2017-09-07 CVE-2017-12133 Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path. Glibc 5.9
2017-08-01 CVE-2017-12132 The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. Glibc 5.9