Debian Glibc vulnerabilities

164 known vulnerabilities affecting debian/glibc.

Total CVEs: 164
CISA KEV: 1 (actively exploited)
Public exploits: 25
Exploited in wild: 1
Severity breakdown: CRITICAL 17, HIGH 43, MEDIUM 45, LOW 59

Vulnerabilities

CVE-2023-4911 | HIGH | CVSS 7.8 | KEV | PoC | fixed in glibc 2.36-9+deb12u3 (bookworm) | 2023
CVE-2023-4911 [HIGH]: glibc - A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. Scope: local bookworm: resolved (fixed in 2.36
debian
CVE-2023-6779 | HIGH | CVSS 8.2 | fixed in glibc 2.36-9+deb12u4 (bookworm) | 2023
CVE-2023-6779 [HIGH]: glibc - An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash.
debian
CVE-2023-4813 | MEDIUM | CVSS 5.9 | fixed in glibc 2.36-3 (bookworm) | 2023
CVE-2023-4813 [MEDIUM]: glibc - A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. Scope: local bookworm: resolved (fixed in 2
debian
CVE-2023-4806 | MEDIUM | CVSS 5.9 | fixed in glibc 2.36-9+deb12u3 (bookworm) | 2023
CVE-2023-4806 [MEDIUM]: glibc - A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name shou
debian
CVE-2023-6780 | MEDIUM | CVSS 5.3 | fixed in glibc 2.36-9+deb12u4 (bookworm) | 2023
CVE-2023-6780 [MEDIUM]: glibc - An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and ne
debian
CVE-2023-4527 | MEDIUM | CVSS 6.5 | fixed in glibc 2.36-9+deb12u3 (bookworm) | 2023
CVE-2023-4527 [MEDIUM]: glibc - A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. Scope: local bookworm: resolved (fixed in 2.36-
debian
CVE-2023-25139 | LOW | CVSS 9.8 | 2023
CVE-2023-25139 [CRITICAL]: glibc - sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to re
debian
CVE-2023-5156 | LOW | CVSS 5.9 | fixed in glibc 2.37-11 (forky) | 2023
CVE-2023-5156 [MEDIUM]: glibc - A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 2.37-11) sid: resolved (fixed in 2.37-11) trixie: resolved (fixed in 2.37-11)
debian
CVE-2022-23219 | CRITICAL | CVSS 9.8 | fixed in glibc 2.33-3 (bookworm) | 2022
CVE-2022-23219 [CRITICAL]: glibc - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
debian
CVE-2022-23218 | CRITICAL | CVSS 9.8 | fixed in glibc 2.33-3 (bookworm) | 2022
CVE-2022-23218 [CRITICAL]: glibc - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
debian
CVE-2022-39046 | LOW | CVSS 7.5 | 2022
CVE-2022-39046 [HIGH]: glibc - An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixi
debian
CVE-2021-35942 | CRITICAL | CVSS 9.1 | fixed in glibc 2.31-13 (bookworm) | 2021
CVE-2021-35942 [CRITICAL]: glibc - The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. Scope
debian
CVE-2021-33574 | CRITICAL | CVSS 9.8 | fixed in glibc 2.32-1 (bookworm) | 2021
CVE-2021-33574 [CRITICAL]: glibc - The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. Scope: local bookworm: resolved (fixe
debian
CVE-2021-3998 | HIGH | CVSS 7.5 | fixed in glibc 2.33-4 (bookworm) | 2021
CVE-2021-3998 [HIGH]: glibc - A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. Scope: local bookworm: resolved (fixed in 2.33-4) bullseye: resolved forky: resolved (fixed in 2.33-4) sid: resolved (fixed in 2.33-4) trixie: resolved (fixed in 2.33-4)
debian
CVE-2021-3999 | HIGH | CVSS 7.8 | fixed in glibc 2.33-4 (bookworm) | 2021
CVE-2021-3999 [HIGH]: glibc - A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. Scope: local boo
debian
CVE-2021-3326 | HIGH | CVSS 7.5 | fixed in glibc 2.31-10 (bookworm) | 2021
CVE-2021-3326 [HIGH]: glibc - The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. Scope: local bookworm: resolved (fixed in 2.31-10) bullseye: resolved (fixed in 2.31-10) forky: resolved (fixed in 2
debian
CVE-2021-38604 | LOW | CVSS 9.8 | 2021
CVE-2021-38604 [CRITICAL]: glibc - In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2021-43396 | LOW | CVSS 7.5 | fixed in glibc 2.32-5 (bookworm) | 2021
CVE-2021-43396 [HIGH]: glibc - In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to b
debian
CVE-2021-27645 | LOW | CVSS 2.5 | fixed in glibc 2.31-10 (bookworm) | 2021
CVE-2021-27645 [LOW]: glibc - The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. Scope: local bookworm: resolved (fixed in 2.31-10) bullseye: resolved (fix
debian
CVE-2020-29573 | HIGH | CVSS 7.5 | fixed in glibc 2.23-1 (bookworm) | 2020
CVE-2020-29573 [HIGH]: glibc - sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default
debian