Gnu Glibc vulnerabilities
170 known vulnerabilities affecting gnu/glibc.
Total CVEs
170
CISA KEV
1
actively exploited
Public exploits
25
Exploited in wild
1
Severity breakdown
CRITICAL24HIGH67MEDIUM70LOW9
Vulnerabilities
Page 5 of 9
CVE-2015-5180HIGHCVSS 7.5≤ 2.242017-06-27
CVE-2015-5180 [HIGH] CWE-476 CVE-2015-5180: res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NU
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
nvdosv
CVE-2017-1000366HIGHCVSS 7.8PoC≤ 2.252017-06-19
CVE-2017-1000366 [HIGH] CWE-119 CVE-2017-1000366: glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate th
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploita
nvdosv
CVE-2014-9984CRITICALCVSS 9.8≤ 2.192017-06-12
CVE-2014-9984 [CRITICAL] CWE-119 CVE-2014-9984: nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the si
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.
nvdosv
CVE-2017-8804HIGHCVSS 7.5v2.252017-05-07
CVE-2017-8804 [HIGH] CVE-2017-8804: The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle fail
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Infor
nvd
CVE-2015-8983HIGHCVSS 8.1≤ 2.212017-03-20
CVE-2015-8983 [HIGH] CWE-190 CVE-2015-8983: Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glib
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.
nvdosv
CVE-2015-8985MEDIUMCVSS 5.9fixed in 2.282017-03-20
CVE-2015-8985 [MEDIUM] CWE-19 CVE-2015-8985: The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attac
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
nvdosv
CVE-2015-8984MEDIUMCVSS 5.9≤ 2.212017-03-20
CVE-2015-8984 [MEDIUM] CWE-125 CVE-2015-8984: The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-depen
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.
nvdosv
CVE-2015-8982HIGHCVSS 8.1≤ 2.202017-03-15
CVE-2015-8982 [HIGH] CWE-190 CVE-2015-8982: Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allow
Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
nvdosv
CVE-2016-10228MEDIUMCVSS 5.9≤ 2.252017-03-02
CVE-2016-10228 [MEDIUM] CWE-20 CVE-2016-10228: The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with mult
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
nvdosv
CVE-2016-5417HIGHCVSS 7.5≤ 2.232017-02-17
CVE-2016-5417 [HIGH] CWE-399 CVE-2016-5417: Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures.
nvdosv
CVE-2016-6323HIGHCVSS 7.5≤ 2.242016-10-07
CVE-2016-6323 [HIGH] CWE-284 CVE-2016-6323: The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution con
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.
nvdosv
CVE-2016-3706HIGHCVSS 7.5fixed in 2.232016-06-10
CVE-2016-3706 [HIGH] CVE-2016-3706: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
nvdosv
CVE-2016-4429MEDIUMCVSS 5.9fixed in 2.242016-06-10
CVE-2016-4429 [MEDIUM] CWE-787 CVE-2016-4429: Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
nvdosv
CVE-2016-1234HIGHCVSS 7.5fixed in 2.242016-06-01
CVE-2016-1234 [HIGH] CWE-119 CVE-2016-1234: Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, whe
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
nvdosv
CVE-2016-3075HIGHCVSS 7.5≤ 2.232016-06-01
CVE-2016-3075 [HIGH] CWE-119 CVE-2016-3075: Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Libr
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
nvdosv
CVE-2015-8776CRITICALCVSS 9.1≤ 2.222016-04-19
CVE-2015-8776 [CRITICAL] CWE-189 CVE-2015-8776: The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
nvdosv
CVE-2015-8779CRITICALCVSS 9.8≤ 2.222016-04-19
CVE-2015-8779 [CRITICAL] CWE-119 CVE-2015-8779: Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
nvdosv
CVE-2015-8778CRITICALCVSS 9.8≤ 2.222016-04-19
CVE-2015-8778 [CRITICAL] CWE-119 CVE-2015-8778: Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent atta
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
nvdosv
CVE-2014-9761CRITICALCVSS 9.8≤ 2.222016-04-19
CVE-2014-9761 [CRITICAL] CWE-119 CVE-2014-9761: Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow co
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
nvdosv
CVE-2016-2856HIGHCVSS 8.4PoC≥ 0, < 2.21-12016-03-14
CVE-2016-2856 [HIGH] CVE-2016-2856: pt_chown in the glibc package before 2
pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data,
osv