Glibc - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Glibc
(Gnu)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	144

Date	Id	Summary	Products	Score	Patch	Annotated
2013-10-09	CVE-2013-4237	sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.	Glibc	N/A
2013-10-09	CVE-2013-4332	Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.	Glibc, Enterprise_linux	N/A
2014-08-29	CVE-2014-5119	Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.	Debian_linux, Glibc	N/A
2014-10-27	CVE-2011-2702	Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.	Eglibc, Glibc	N/A
2014-11-24	CVE-2014-7817	The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".	Ubuntu_linux, Debian_linux, Glibc, Opensuse	N/A
2014-12-05	CVE-2014-6040	GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.	Glibc	N/A
2015-02-24	CVE-2014-9402	The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.	Ubuntu_linux, Glibc, Opensuse	N/A
2015-03-27	CVE-2014-8121	DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.	Ubuntu_linux, Glibc, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server	N/A
2015-09-28	CVE-2015-1781	Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.	Ubuntu_linux, Debian_linux, Glibc, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server	N/A
2015-12-17	CVE-2015-5277	The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.	Ubuntu_linux, Glibc, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation	N/A