Gnu Glibc vulnerabilities

CVE-2023-4806 [MEDIUM] CWE-416 CVE-2023-4806: A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may ac A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The r

CVE-2023-4527 [MEDIUM] CWE-121 CVE-2023-4527: A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

CVE-2023-4813 [MEDIUM] CWE-416 CVE-2023-4813: A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

CVE-2015-20109 [MEDIUM] CWE-120 CVE-2015-20109: end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 mig end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fix

CVE-2023-0687 [MEDIUM] CWE-120 CVE-2023-0687: A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerabilit A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOT

CVE-2023-25139 [CRITICAL] CWE-787 CVE-2023-25139: sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situat sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact si

CVE-2022-39046 [HIGH] CWE-532 CVE-2022-39046: An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a craf An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.

CVE-2021-3998 [HIGH] CWE-125 CVE-2021-3998: A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potent A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.

CVE-2021-3999 [HIGH] CWE-193 CVE-2021-3999: A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memor A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

CVE-2022-23218 [CRITICAL] CWE-120 CVE-2022-23218: The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary

CVE-2022-23219 [CRITICAL] CWE-120 CVE-2022-23219: The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka gli The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrar

CVE-2021-43396 [HIGH] CVE-2021-43396: In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires i

CVE-2021-38604 [HIGH] CVE-2021-38604: In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandl In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.

CVE-2021-35942 [CRITICAL] CWE-190 CVE-2021-35942: The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memor The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct ca

CVE-2021-33574 [CRITICAL] CWE-416 CVE-2021-33574: The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

CVE-2020-27618 [MEDIUM] CVE-2020-27618: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing inval The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228

CVE-2021-27645 [LOW] CWE-415 CVE-2021-27645: The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, wh The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.

CVE-2021-3326 [HIGH] CWE-617 CVE-2021-3326: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing inval The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

CVE-2019-25013 [MEDIUM] CWE-125 CVE-2019-25013: The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid mu The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

CVE-2020-29573 [HIGH] CWE-787 CVE-2020-29573: sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a s sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect