AVG-1621 log

Package glibc
Status Fixed
Severity High
Type multiple issues
Affected 2.33-5
Fixed 2.34-1
Current 2.35-5 [core]
Ticket None
Created Wed Feb 24 17:50:39 2021
Issue Severity Remote Type Description
CVE-2021-43396 Medium Yes Incorrect calculation
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted...
CVE-2021-35942 Medium Yes Information disclosure
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with...
CVE-2021-33574 Low No Arbitrary code execution
The mq_notify function in the GNU C Library (aka glibc) through 2.33 has a use-after-free. It may use the notification thread attributes object (passed...
CVE-2021-27645 Low Yes Denial of service
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash...
CVE-2021-3999 High No Arbitrary code execution
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A...
CVE-2021-3998 High No Information disclosure
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of...