Gnu Glibc vulnerabilities

CVE-2020-29562 [MEDIUM] CWE-617 CVE-2020-29562: The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

CVE-1999-0199 [CRITICAL] CWE-252 CVE-1999-0199: manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecifi manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999.

CVE-2020-1752 [HIGH] CWE-416 CVE-2020-1752: A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the ti A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, w

CVE-2020-1751 [MEDIUM] CWE-787 CVE-2020-1751: An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.

CVE-2020-6096 [HIGH] CWE-195 CVE-2020-6096: An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU gl An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulner

CVE-2020-10029 [MEDIUM] CWE-787 CVE-2020-10029: The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range re The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.

CVE-2019-19126 [LOW] CWE-665 CVE-2019-19126: On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_ On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.

CVE-2005-3590 [CRITICAL] CWE-119 CVE-2005-3590: The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zer The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.

CVE-2006-7254 [MEDIUM] CWE-19 CVE-2006-7254: The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client socke The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.

CVE-2019-9169 [CRITICAL] CWE-125 CVE-2019-9169: In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a h In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

CVE-2018-20796 [HIGH] CWE-674 CVE-2018-20796: In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

CVE-2019-9192 [HIGH] CVE-2019-9192: In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern

CVE-2009-5155 [HIGH] CWE-19 CVE-2009-5155: In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses al In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.

CVE-2019-7309 [MEDIUM] CVE-2019-7309: In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

CVE-2016-10739 [MEDIUM] CWE-20 CVE-2016-10739: In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially d

CVE-2019-6488 [HIGH] CWE-404 CVE-2019-6488: The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/

CVE-2018-19591 [HIGH] CWE-20 CVE-2018-19591: In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.

CVE-2018-11236 [CRITICAL] CWE-190 CVE-2018-11236: stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing ve stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

CVE-2017-18269 [CRITICAL] CWE-119 CVE-2017-18269: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unalign An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation

CVE-2018-11237 [HIGH] CWE-787 CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6 An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.