Vulnerabilities (CVE)

Vendor filter

Gnu Subscribe

Product filter

Glibc Subscribe

Filter

108 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-6485 4 Gnu, Redhat, Netapp and 1 more 14 Glibc, Virtualization Host, Enterprise Linux Desktop and 11 more 2019-04-26 7.5
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading...
CVE-2017-16997 2 Gnu, Redhat 5 Glibc, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2019-04-26 9.3
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in...
CVE-2017-1000366 9 Gnu, Redhat, Suse and 6 more 24 Glibc, Enterprise Linux, Linux Enterprise Server For Raspberry Pi and 21 more 2019-04-26 7.2
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been...
CVE-2018-11237 4 Gnu, Redhat, Netapp and 1 more 9 Glibc, Virtualization Host, Enterprise Linux Desktop and 6 more 2019-04-25 4.6
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
CVE-2018-11236 4 Gnu, Redhat, Netapp and 1 more 9 Glibc, Virtualization Host, Enterprise Linux Desktop and 6 more 2019-04-25 7.5
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer...
CVE-2016-10739 2 Gnu, Opensuse 2 Glibc, Leap 2019-04-23 4.6
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume...
CVE-2012-3406 3 Canonical, Gnu, Redhat 4 Enterprise Virtualization, Ubuntu Linux, Glibc and 1 more 2019-04-22 6.8
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent...
CVE-2012-3404 3 Redhat, Canonical, Gnu 4 Enterprise Virtualization, Ubuntu Linux, Glibc and 1 more 2019-04-22 5.0
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string...
CVE-2012-3405 3 Redhat, Gnu, Canonical 4 Enterprise Virtualization, Ubuntu Linux, Glibc and 1 more 2019-04-22 5.0
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string...
CVE-2019-9169 2 Gnu, Netapp 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more 2019-04-16 7.5
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
CVE-2005-3590 1 Gnu 1 Glibc 2019-04-11 7.5
The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers...
CVE-2006-7254 1 Gnu 1 Glibc 2019-04-11 2.1
The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.
CVE-2009-5155 2 Gnu, Netapp 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more 2019-03-25 5.0
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by...
CVE-2016-4429 6 Novell, Gnu, Opensuse and 3 more 7 Glibc, Opensuse, Opensuse and 4 more 2019-03-22 7.5
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP...
CVE-2018-19591 2 Gnu, Fedoraproject 2 Glibc, Fedora 2019-03-21 5.0
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.
CVE-2018-1000001 3 Gnu, Redhat, Canonical 9 Glibc, Virtualization Host, Ubuntu Linux and 6 more 2019-03-19 7.2
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
CVE-2018-20796 2 Gnu, Netapp 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more 2019-03-15 5.0
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
CVE-2019-7309 1 Gnu 1 Glibc 2019-02-27 2.1
In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.
CVE-2019-9192 1 Gnu 1 Glibc 2019-02-27 5.0
** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software...
CVE-2019-6488 1 Gnu 1 Glibc 2019-02-05 4.6
The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly...