Gnu Glibc vulnerabilities
170 known vulnerabilities affecting gnu/glibc.
Total CVEs: 170
CISA KEV: 1 (actively exploited)
Public exploits: 25
Exploited in wild: 1
Severity breakdown: CRITICAL 24, HIGH 67, MEDIUM 70, LOW 9
Vulnerabilities
CVE-2019-7309 | MEDIUM | CVSS 5.5 | ≤ 2.29 | 2019-02-03
In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.
Sources: NVD, OSV
CVE-2016-10739 | MEDIUM | CVSS 5.3 | CWE-20 | ≤ 2.28 | 2019-01-21
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially d
Sources: NVD, OSV
CVE-2019-6488 | HIGH | CVSS 7.8 | CWE-404 | ≤ 2.28 | 2019-01-18
The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/
Sources: NVD, OSV
CVE-2018-19591 | HIGH | CVSS 7.5 | CWE-20 | ≤ 2.28 | 2018-12-04
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.
Sources: NVD, OSV
CVE-2018-11236 | CRITICAL | CVSS 9.8 | CWE-190 | ≤ 2.27 | 2018-05-18
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
Sources: NVD, OSV
CVE-2017-18269 | CRITICAL | CVSS 9.8 | CWE-119 | ≥ 2.21, ≤ 2.27 | 2018-05-18
An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation
Sources: NVD, OSV
CVE-2018-11237 | HIGH | CVSS 7.8 | CWE-787 | ≤ 2.27 | 2018-05-18
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
Sources: NVD, OSV
CVE-2018-6551 | CRITICAL | CVSS 9.8 | CWE-190 | ≥ 2.24, ≤ 2.26 | 2018-02-02
The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.
Sources: NVD, OSV
CVE-2018-6485 | CRITICAL | CVSS 9.8 | CWE-190 | ≤ 2.26 | 2018-02-01
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
Sources: NVD, OSV
CVE-2017-1000408 | HIGH | CVSS 7.8 | PoC | v2.1.1 | 2018-02-01
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Sources: NVD, OSV
CVE-2017-1000409 | HIGH | CVSS 7.0 | PoC | v2.5 | 2018-02-01
A buffer overflow in glibc 2.5 (released on September 29, 2006) can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Sources: NVD, OSV
CVE-2018-1000001 | HIGH | CVSS 7.8 | CWE-787 | PoC | ≤ 2.26 | 2018-01-31
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
Sources: NVD, OSV
CVE-2017-16997 | HIGH | CVSS 7.8 | CWE-426 | v2.19, v2.20 +5 more | 2017-12-18
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated
Sources: NVD, OSV
CVE-2017-17426 | HIGH | CVSS 8.1 | CWE-190 | v2.26 | 2017-12-05
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow
Sources: NVD, OSV
CVE-2017-15804 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 2.26 | 2017-10-22
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
Sources: NVD, OSV
CVE-2017-15670 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 2.26 | 2017-10-20
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
Sources: NVD, OSV
CVE-2017-15671 | MEDIUM | CVSS 5.9 | CWE-772 | ≤ 2.26 | 2017-10-20
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
Sources: NVD, OSV
CVE-2011-5320 | MEDIUM | CVSS 6.2 | CWE-119 | ≤ 2.14.1 | 2017-10-18
scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.
Sources: NVD, OSV
CVE-2017-12133 | MEDIUM | CVSS 5.9 | CWE-416 | ≤ 2.25 | 2017-09-07
Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.
Sources: NVD, OSV
CVE-2017-12132 | MEDIUM | CVSS 5.9 | CWE-770 | ≤ 2.25 | 2017-08-01
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
Sources: NVD, OSV