Debian Glibc vulnerabilities

CVE-2016-4429 [MEDIUM] CVE-2016-4429: glibc - Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in... Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. Scope: local bookworm: resolved (fixed in 2.22-10) bullseye: resolved (fixed in 2.22-10) forky: resolved (fix

CVE-2016-2856 [HIGH] CVE-2016-2856: glibc - pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc ... pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allo

CVE-2016-10228 [MEDIUM] CVE-2016-10228: glibc - The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, wh... The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. Scope: local bookworm: resolved (fixed in 2.31-3) bullseye: resolved (

CVE-2015-8779 [CRITICAL] CVE-2015-8779: glibc - Stack-based buffer overflow in the catopen function in the GNU C Library (aka gl... Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. Scope: local bookworm: resolved (fixed in 2.21-7) bullseye: resolved (fixed in 2.21-7) forky: resolved (fixed in 2.21-

CVE-2015-8776 [CRITICAL] CVE-2015-8776: glibc - The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allo... The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. Scope: local bookworm: resolved (fixed in 2.21-7) bullseye: resolved (fixed in 2.21-7) forky: resolved (fixed in 2.21-7) sid: resolved

CVE-2015-8778 [CRITICAL] CVE-2015-8778: glibc - Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows co... Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. Scope: local bookworm: resolved (fixed in 2.21-8) bullseye: resolved (fixed in

CVE-2015-5277 [HIGH] CVE-2015-5277: glibc - The get_contents function in nss_files/files-XXX.c in the Name Service Switch (N... The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. Scope: local bookworm: resolved (fixed in 2.21-1) bullseye: resolved (fixed in 2.21-1) forky: resolved (f

CVE-2015-1472 [HIGH] CVE-2015-1472: glibc - The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc... The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wsc

CVE-2015-8983 [HIGH] CVE-2015-8983: glibc - Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU... Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. Scope: local bookworm: resolved (f

CVE-2015-0235 [CRITICAL] CVE-2015-0235: glibc - Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2... Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Scope: local bookworm: resolved (fixed in 2.18-1) bullseye: resolved (fixed in 2.18-1) forky: res

CVE-2015-7547 [HIGH] CVE-2015-7547: glibc - Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functio... Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address

CVE-2015-8982 [HIGH] CVE-2015-8982: glibc - Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc... Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. Scope: local bookworm: resolved (fixed in 2.21-1) bullseye: resolved (fixed in 2.21-1) forky: resolved (f

CVE-2015-20109 [MEDIUM] CVE-2015-20109: glibc - end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or li... end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984

CVE-2015-1781 [MEDIUM] CVE-2015-1781: glibc - Buffer overflow in the gethostbyname_r and other unspecified NSS functions in th... Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. Scope: local bookworm: resolved (fixed in 2.19-20) bullseye: resolv

CVE-2015-1473 [MEDIUM] CVE-2015-1473: glibc - The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc... The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long

CVE-2015-8984 [MEDIUM] CVE-2015-8984: glibc - The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might... The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read. Scope: local bookworm: resolved (fixed in 2.21-1) bullseye: resolved (fixed in 2.21-1) forky: resolved (fixed in 2.21-1) sid: resolved (fixed i

CVE-2015-8777 [MEDIUM] CVE-2015-8777: glibc - The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or li... The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. Scope: local bookworm: resolved (fixed in 2.21-1) bullseye: resolved (fixed in 2.21-1) forky: resolved (fixed in 2.21-1) sid: resolved (fixed

CVE-2015-5180 [HIGH] CVE-2015-5180: glibc - res_query in libresolv in glibc before 2.25 allows remote attackers to cause a d... res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). Scope: local bookworm: resolved (fixed in 2.24-9) bullseye: resolved (fixed in 2.24-9) forky: resolved (fixed in 2.24-9) sid: resolved (fixed in 2.24-9) trixie: resolved (fixed in 2.24-9)

CVE-2015-5229 [HIGH] CVE-2015-5229: glibc - The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 ... The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2015-8985 [MEDIUM] CVE-2015-8985: glibc - The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows con... The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. Scope: local bookworm: resolved (fixed in 2.28-1) bullseye: resolved (fixed in 2.28-1) forky: resolved (fixed in 2.28-1) sid: resol