Debian Glibc vulnerabilities

164 known vulnerabilities affecting debian/glibc.

Total CVEs: 164
CISA KEV: 1 (actively exploited)
Public exploits: 25
Exploited in wild: 1
Severity breakdown: CRITICAL 17, HIGH 43, MEDIUM 45, LOW 59

Vulnerabilities

Page 4 of 9
CVE-2018-11237 | LOW | CVSS 7.8 | fixed in glibc 2.27-4 (bookworm) | 2018
[HIGH] An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
Scope: local
bookworm: resolved (fixed in 2.27-4); bullseye: resolved (fixed in 2.27-4); forky: resolved (fixed in 2.27-4); sid: resolved (fixed in 2
CVE-2018-20796 | LOW | CVSS 7.5 | 2018
[HIGH] In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
CVE-2018-11236 | LOW | CVSS 9.8 | fixed in glibc 2.27-4 (bookworm) | 2018
[CRITICAL] stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 2.27-4); bullseye: resolve
CVE-2017-18269 | CRITICAL | CVSS 9.8 | fixed in glibc 2.27-3 (bookworm) | 2017
[CRITICAL] An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclo
CVE-2017-1000366 | HIGH | CVSS 7.8 | PoC | fixed in glibc 2.24-12 (bookworm) | 2017
[HIGH] glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they
CVE-2017-16997 | HIGH | CVSS 7.8 | fixed in glibc 2.25-6 (bookworm) | 2017
[HIGH] elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpret
CVE-2017-1000408 | HIGH | CVSS 7.8 | PoC | fixed in glibc 2.25-5 (bookworm) | 2017
[HIGH] A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Scope: local
bookworm: resolved (fixed in 2.25-5); bullseye: resolved (fixed in 2.25-5); forky: resolved (fixed in 2.25-5); sid: r
CVE-2017-1000409 | HIGH | CVSS 7.8 | PoC | fixed in glibc 2.25-5 (bookworm) | 2017
[HIGH] A buffer overflow in glibc 2.5 (released on September 29, 2006) can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Scope: local
bookworm: resolved (fixed in 2.25-5); bullseye: resolved (fixed in 2.25-5); forky: resolved (fixed in 2.25-5); sid:
CVE-2017-12132 | MEDIUM | CVSS 5.9 | fixed in glibc 2.25-1 (bookworm) | 2017
[MEDIUM] The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
Scope: local
bookworm: resolved (fixed in 2.25-1); bullseye: resolved (fixed in 2.25-1); forky: resolved (fixed in 2.25-1); s
CVE-2017-12133 | MEDIUM | CVSS 5.9 | fixed in glibc 2.24-15 (bookworm) | 2017
[MEDIUM] Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.
Scope: local
bookworm: resolved (fixed in 2.24-15); bullseye: resolved (fixed in 2.24-15); forky: resolved (fixed in 2.24-15); sid: resolved (fixed in 2
CVE-2017-17426 | LOW | CVSS 8.1 | 2017
[HIGH] The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.
Scope: lo
CVE-2017-15670 | LOW | CVSS 9.8 | fixed in glibc 2.25-3 (bookworm) | 2017
[CRITICAL] The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
Scope: local
bookworm: resolved (fixed in 2.25-3); bullseye: resolved (fixed in 2.25-3); forky: resolved (fixed in 2.25-3)
CVE-2017-15671 | LOW | CVSS 5.9 | fixed in glibc 2.25-3 (bookworm) | 2017
[MEDIUM] The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
Scope: local
bookworm: resolved (fixed in 2.25-3); bullseye: resolved (fixed in 2.25-3); forky: resolved (fix
CVE-2017-15804 | LOW | CVSS 9.8 | fixed in glibc 2.25-3 (bookworm) | 2017
[CRITICAL] The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
Scope: local
bookworm: resolved (fixed in 2.25-3); bullseye: resolved (fixed in 2.25-3); forky: resolved (fixed in 2.25-3); sid: resolved (fixed in 2.25-3); trixie: resolved (fixed in 2.25-3)
CVE-2016-1234 | HIGH | CVSS 7.5 | fixed in glibc 2.22-8 (bookworm) | 2016
[HIGH] Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
Scope: local
bookworm: resolved (fixed in 2.22-8); bullseye: resolved (fixed in 2.22-8); forky: resolved (fixed in 2.22-8); sid: resolved (fixed in 2.22-8); tri
CVE-2016-5417 | HIGH | CVSS 7.5 | fixed in glibc 2.22-4 (bookworm) | 2016
[HIGH] Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures.
Scope: local
bookworm: resolved (fixed in 2.22-4); bullseye: resolved (fixed in 2
CVE-2016-3075 | HIGH | CVSS 7.5 | fixed in glibc 2.22-6 (bookworm) | 2016
[HIGH] Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
Scope: local
bookworm: resolved (fixed in 2.22-6); bullseye: resolved (fixed in 2.22-6); forky: resolved (fixed in 2.22-6)
CVE-2016-6323 | HIGH | CVSS 7.5 | fixed in glibc 2.24-1 (bookworm) | 2016
[HIGH] The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.
Scope: local
bookworm: resolved (
CVE-2016-3706 | MEDIUM | CVSS 5.0 | fixed in glibc 2.22-8 (bookworm) | 2016
[MEDIUM] Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
Scope: local
bookworm: resolved (fixed in 2.22-8); bullseye
CVE-2016-10739 | MEDIUM | CVSS 5.3 | fixed in glibc 2.28-6 (bookworm) | 2016
[MEDIUM] In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substr