Debian Glibc vulnerabilities

CVE-2020-1752 [HIGH] CVE-2020-1752: glibc - A use-after-free vulnerability introduced in glibc upstream version 2.14 was fou... A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially

CVE-2020-10029 [MEDIUM] CVE-2020-10029: glibc - The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack bu... The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. Scope: local bookworm: resolved (fixed in 2

CVE-2020-27618 [MEDIUM] CVE-2020-27618: glibc - The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, w... The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. Scope:

CVE-2020-29562 [MEDIUM] CVE-2020-29562: glibc - The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when ... The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. Scope: local bookworm: resolved (fixed in 2.31-7) bullseye: resolved (fixed in 2.31-7) forky: resolved (fixed in 2.31-7) si

CVE-2020-1751 [MEDIUM] CVE-2020-1751: glibc - An out-of-bounds write vulnerability was found in glibc before 2.31 when handlin... An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability. Scope: local boo

CVE-2020-6096 [HIGH] CVE-2020-6096: glibc - An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() impl... An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lea

CVE-2019-9169 [CRITICAL] CVE-2019-9169: glibc - In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in pos... In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. Scope: local bookworm: resolved (fixed in 2.28-9) bullseye: resolved (fixed in 2.28-9) forky: resolved (fixed in 2.28-9) sid: resolved (fixed in 2.28-9) trixie: resolved (fixed in 2

CVE-2019-25013 [MEDIUM] CVE-2019-25013: glibc - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when p... The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. Scope: local bookworm: resolved (fixed in 2.31-9) bullseye: resolved (fixed in 2.31-9) forky: resolved (fixed in 2.31-9) sid: resolved (fixed in 2.31-9) trixie: resolved (fixed in 2.31-9)

CVE-2019-19126 [LOW] CVE-2019-19126: glibc - On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to i... On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. Scope: local bookworm: resolved (fixed in 2.29-8)

CVE-2019-1010024 [MEDIUM] CVE-2019-1010024: glibc - GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may ... GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2019-1010023 [MEDIUM] CVE-2019-1010023: glibc - GNU Libc current is affected by: Re-mapping current loaded library with maliciou... GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug an

CVE-2019-1010022 [CRITICAL] CVE-2019-1010022: glibc - GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may ... GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. Scope:

CVE-2019-6488 [HIGH] CVE-2019-6488: glibc - The string component in the GNU C Library (aka glibc or libc6) through 2.28, whe... The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unali

CVE-2019-9192 [HIGH] CVE-2019-9192: glibc - In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_po... In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern Scope: local bookworm: open bullsey

CVE-2019-7309 [MEDIUM] CVE-2019-7309: glibc - In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for ... In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. Scope: local bookworm: resolved (fixed in 2.28-6) bullseye: resolved (fixed in 2.28-6) forky: resolved (fixed in 2.28-6) sid: resolved (fixed in 2.28-

CVE-2019-1010025 [MEDIUM] CVE-2019-1010025: glibc - GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may ... GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2018-6551 [CRITICAL] CVE-2018-6551: glibc - The malloc implementation in the GNU C Library (aka glibc or libc6), from versio... The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. Scope: local bookworm: resolved (fixed in

CVE-2018-6485 [CRITICAL] CVE-2018-6485: glibc - An integer overflow in the implementation of the posix_memalign in memalign func... An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. Scope: local bookworm: resolved (fixed in 2.27-1) bullseye: resolved (fixed in 2.27-1) forky: resolve

CVE-2018-19591 [HIGH] CVE-2018-19591: glibc - In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a ... In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function. Scope: local bookworm: resolved (fixed in 2.28-1) bullseye: resolved (fixed in 2.28-1) forky: resolved (fixed in 2.28-1) sid: resolved (fi

CVE-2018-1000001 [HIGH] CVE-2018-1000001: glibc - In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpat... In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. Scope: local bookworm: resolved (fixed in 2.26-4) bullseye: resolved (fixed in 2.26-4) forky: resolved (fixed in 2.26-4) sid: resolved (fixed in 2.26-4) trixie: reso