Gnu Glibc vulnerabilities
170 known vulnerabilities affecting gnu/glibc.
Total CVEs
170
CISA KEV
1
actively exploited
Public exploits
25
Exploited in wild
1
Severity breakdown
CRITICAL24HIGH67MEDIUM70LOW9
Vulnerabilities
Page 3 of 9
CVE-2021-35942CRITICALCVSS 9.1fixed in 2.312021-07-22
CVE-2021-35942 [CRITICAL] CWE-190 CVE-2021-35942: The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memor
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct ca
nvdosv
CVE-2021-33574CRITICALCVSS 9.8v2.32v2.332021-05-25
CVE-2021-33574 [CRITICAL] CWE-416 CVE-2021-33574: The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free.
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
nvdosv
CVE-2020-27618MEDIUMCVSS 5.5≤ 2.322021-02-26
CVE-2020-27618 [MEDIUM] CVE-2020-27618: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing inval
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228
nvdosv
CVE-2021-27645LOWCVSS 2.5≥ 2.29, ≤ 2.332021-02-24
CVE-2021-27645 [LOW] CWE-415 CVE-2021-27645: The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, wh
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
nvdosv
CVE-2021-3326HIGHCVSS 7.5≤ 2.32.02021-01-27
CVE-2021-3326 [HIGH] CWE-617 CVE-2021-3326: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing inval
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
nvdosv
CVE-2019-25013MEDIUMCVSS 5.9≤ 2.322021-01-04
CVE-2019-25013 [MEDIUM] CWE-125 CVE-2019-25013: The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid mu
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
nvdosv
CVE-2020-29573HIGHCVSS 7.5fixed in 2.232020-12-06
CVE-2020-29573 [HIGH] CWE-787 CVE-2020-29573: sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a s
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect
nvdosv
CVE-2020-29562MEDIUMCVSS 4.8≥ 2.30, ≤ 2.322020-12-04
CVE-2020-29562 [MEDIUM] CWE-617 CVE-2020-29562: The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
nvdosv
CVE-1999-0199CRITICALCVSS 9.8fixed in 2.22020-10-06
CVE-1999-0199 [CRITICAL] CWE-252 CVE-1999-0199: manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecifi
manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999.
nvdosv
CVE-2020-1752HIGHCVSS 7.0fixed in 2.32.02020-04-30
CVE-2020-1752 [HIGH] CWE-416 CVE-2020-1752: A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the ti
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, w
nvdosv
CVE-2020-1751HIGHCVSS 7.0fixed in 2.312020-04-17
CVE-2020-1751 [HIGH] CWE-787 CVE-2020-1751: An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
nvdosv
CVE-2020-6096HIGHCVSS 8.1≤ 2.312020-04-01
CVE-2020-6096 [HIGH] CWE-195 CVE-2020-6096: An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU gl
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulner
nvdosv
CVE-2020-10029MEDIUMCVSS 5.5fixed in 2.32.02020-03-04
CVE-2020-10029 [MEDIUM] CWE-787 CVE-2020-10029: The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range re
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
nvdosv
CVE-2019-19126LOWCVSS 3.3fixed in 2.312019-11-19
CVE-2019-19126 [LOW] CWE-665 CVE-2019-19126: On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
nvdosv
CVE-2005-3590CRITICALCVSS 9.8fixed in 2.3.52019-04-10
CVE-2005-3590 [CRITICAL] CWE-119 CVE-2005-3590: The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zer
The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.
nvdosv
CVE-2006-7254MEDIUMCVSS 5.5fixed in 2.52019-04-10
CVE-2006-7254 [MEDIUM] CWE-19 CVE-2006-7254: The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client socke
The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.
nvdosv
CVE-2019-9169CRITICALCVSS 9.8≤ 2.292019-02-26
CVE-2019-9169 [CRITICAL] CWE-125 CVE-2019-9169: In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a h
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
nvdosv
CVE-2018-20796HIGHCVSS 7.5≤ 2.292019-02-26
CVE-2018-20796 [HIGH] CWE-674 CVE-2018-20796: In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
nvd
CVE-2009-5155HIGHCVSS 7.5fixed in 2.282019-02-26
CVE-2009-5155 [HIGH] CWE-19 CVE-2009-5155: In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses al
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
nvdosv
CVE-2019-9192HIGHCVSS 7.5≤ 2.292019-02-26
CVE-2019-9192 [HIGH] CVE-2019-9192: In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern
nvd