Gnu Glibc vulnerabilities

CVE-2024-33600 [MEDIUM] CWE-476 CVE-2024-33600: nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

CVE-2024-2961 [HIGH] CWE-787 CVE-2024-2961: The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer pas The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

CVE-2023-6779 [HIGH] CWE-122 CVE-2023-6779: An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc l An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an a

CVE-2023-6246 [HIGH] CWE-122 CVE-2023-6246: A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an a

CVE-2023-6780 [MEDIUM] CWE-131 CVE-2023-6780: An integer overflow was found in the __vsyslog_internal function of the glibc library. This function An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects

CVE-2023-4911 [HIGH] CWE-122 CVE-2023-4911: A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GL A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

CVE-2023-5156 [HIGH] CVE-2023-5156: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

CVE-2023-4527 [MEDIUM] CWE-121 CVE-2023-4527: A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

CVE-2023-4806 [MEDIUM] CWE-416 CVE-2023-4806: A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may ac A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The r

CVE-2023-4813 [MEDIUM] CWE-416 CVE-2023-4813: A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

CVE-2015-20109 [MEDIUM] CWE-120 CVE-2015-20109: end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 mig end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fix

CVE-2023-0687 [CRITICAL] CWE-120 CVE-2023-0687: A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerabilit A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. N

CVE-2023-25139 [CRITICAL] CWE-787 CVE-2023-25139: sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situat sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact si

CVE-2022-39046 [MEDIUM] CWE-532 CVE-2022-39046: An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a craf An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.

CVE-2021-3998 [HIGH] CWE-125 CVE-2021-3998: A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potent A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.

CVE-2021-3999 [HIGH] CWE-193 CVE-2021-3999: A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memor A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

CVE-2022-23219 [CRITICAL] CWE-120 CVE-2022-23219: The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka gli The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrar

CVE-2022-23218 [CRITICAL] CWE-120 CVE-2022-23218: The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary

CVE-2021-43396 [HIGH] CVE-2021-43396: In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires i

CVE-2021-38604 [HIGH] CVE-2021-38604: In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandl In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.