Klibc Project Klibc vulnerabilities
6 known vulnerabilities affecting klibc_project/klibc.
Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown
CRITICAL 4, HIGH 2
Vulnerabilities
CVE-2016-9840 | HIGH | CVSS 8.8 | ≥ 0, < 2.0.13-4ubuntu0.1 | 2024-05-23
klibc vulnerabilities
USN-6736-1 fixed vulnerabilities in klibc. This update provides the
corresponding updates for Ubuntu 24.04 LTS.
Original advisory details:
It was discovered that zlib, vendored in klibc, incorrectly handled pointer
arithmetic. An attacker could use this issue to cause klibc to crash or to
possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841)
Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled
mem
osv
CVE-2021-31873 | CRITICAL | CVSS 9.8 | CWE-190 | fixed in 2.0.9 | 2021-04-30
An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow.
nvd, osv
CVE-2021-31870 | CRITICAL | CVSS 9.8 | CWE-190 | fixed in 2.0.9 | 2021-04-30
An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow.
nvd, osv
CVE-2021-31872 | CRITICAL | CVSS 9.8 | CWE-190 | fixed in 2.0.9 | 2021-04-30
An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact.
nvd, osv
CVE-2021-31871 | HIGH | CVSS 7.5 | CWE-190 | fixed in 2.0.9 | 2021-04-30
An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.
nvd, osv
CVE-2011-1930 | CRITICAL | CVSS 9.8 | PoC | fixed in 1.5.25 | 2019-11-14
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.
nvd, osv