Debian Glibc vulnerabilities

CVE-2014-9761 [CRITICAL] CVE-2014-9761: glibc - Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) ... Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. Scope: local bookworm: resolved (fixed in 2.23-1) bullseye: resolved (fixed in 2.23-1) for

CVE-2014-9984 [CRITICAL] CVE-2014-9984: glibc - nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not corr... nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. Scope: local bookworm: resolved (fixed in 2.19-14) bullseye: resolved (fixed in 2.19-14) forky: resolved (fixed in 2.19-14)

CVE-2014-9402 [HIGH] CVE-2014-9402: glibc - The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2... The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. Scope: local bookworm: resolved (fixed in 2.19-14) bullseye: resolved (fixed

CVE-2014-6040 [MEDIUM] CVE-2014-6040: glibc - GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to caus... GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. Scope: local bookworm: resolved (fixed in 2.19-12) bullseye: resolved

CVE-2014-0475 [MEDIUM] CVE-2014-0475: glibc - Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc... Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable. Scope: local bookworm: resolved (fixed in 2.19-6) bullseye: resolved (fixed in 2

CVE-2014-5119 [HIGH] CVE-2014-5119: glibc - Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C... Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. Scope: local bookworm: resolved (fixed in 2.19-10) bullseye: resolved (fixed in 2.

CVE-2014-7817 [MEDIUM] CVE-2014-7817: glibc - The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE... The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))". Scope: local bookworm: resolved (fixed in 2.19-14) bullseye: resolved (fixed in 2.19-14) forky: resolved (fixed in 2.19-14) sid: resolved (fixed in 2.19-14

CVE-2014-4043 [HIGH] CVE-2014-4043: glibc - The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy... The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. Scope: local bookworm: resolved (fixed in 2.19-2) bullseye: resolved (fixed in 2.19-2) forky: resolved (fixed in 2.19-2) sid: resolved (fixed in

CVE-2014-8121 [MEDIUM] CVE-2014-8121: glibc - DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Lib... DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. Scope: local bookworm

CVE-2013-7424 [MEDIUM] CVE-2013-7424: glibc - The getaddrinfo function in glibc before 2.15, when compiled with libidn and the... The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. Scope: local bookworm: resolved (fixed in 2.15-1) bullseye: resolv

CVE-2013-7423 [MEDIUM] CVE-2013-7423: glibc - The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) ... The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. Scope: local bookworm: resolved (fixed in 2.19-1) bullseye: resolved (fixed in 2.1

CVE-2013-4332 [MEDIUM] CVE-2013-4332: glibc - Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or... Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. Scope: local bookworm: resolved (fixed in 2.17-93) bullseye: resolve

CVE-2013-4237 [MEDIUM] CVE-2013-4237: glibc - sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and ear... sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. Scope: local bookworm: resolved (fixed in 2.17-94) bullseye: resolved (fixed in 2.17-94) forky: resolved (fixed

CVE-2013-2207 [LOW] CVE-2013-2207: glibc - pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly che... pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. Scope: local bookworm: resolved (fixed in 2.21-1) bullseye: resolved (fixed in 2.21-1) forky: resolved (fixed in 2.21-

CVE-2013-0242 [MEDIUM] CVE-2013-0242: glibc - Buffer overflow in the extend_buffers function in the regular expression matcher... Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. Scope: local bookworm: resolved (fixed in 2.17-2) bullseye: resolved (fixed in 2.17-2) forky: resolved (fi

CVE-2013-4458 [MEDIUM] CVE-2013-4458: glibc - Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddr... Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-201

CVE-2013-4788 [MEDIUM] CVE-2013-4788: glibc - The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.1... The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer gua

CVE-2013-1914 [MEDIUM] CVE-2013-1914: glibc - Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddr... Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. Scope: local bookworm: resolved (fixed in 2.17-2) bullseye: resolved (f

CVE-2012-3480 [MEDIUM] CVE-2012-3480: glibc - Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strto... Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. Scope: local bookworm:

CVE-2012-6656 [MEDIUM] CVE-2012-6656: glibc - iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-depen... iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. Scope: local bookworm: resolved (fixed in 2.17-1) bullseye: resolved (fixed in 2.17-1) forky: resolved (fixed in