glibc

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description GNU C Library
Version 2.40+r16+gaa533d58ff-2 [core]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2833 2.37-1 2.37-2 Unknown Fixed
AVG-2293 2.33-5 Low Not affected
AVG-1984 2.28-6 2.29-1 Medium Fixed
AVG-1621 2.33-5 2.34-1 High Fixed
AVG-1324 2.32-5 Medium Not affected
AVG-1320 2.32-5 2.33-1 Low Fixed
AVG-855 2.29-4 2.30-1 High Fixed
AVG-831 2.28-5 2.29-1 Medium Fixed
AVG-590 2.26-10 2.26-11 High Fixed
AVG-460 2.26-8 2.26-9 High Fixed
AVG-368 2.25-7 2.26-1 Critical Fixed
AVG-307 2.25-3 2.25-4 High Fixed
Issue Group Severity Remote Type Description
CVE-2023-25139 AVG-2833 Unknown Unknown Unknown
buffer overflow in sprintf(3) due to a regression where after the refactor the implementation does not account for grouping characters during padding of the width
CVE-2021-43396 AVG-1621 Medium Yes Incorrect calculation
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted...
CVE-2021-38604 AVG-2293 Low Yes Denial of service
In librt in the GNU C Library (aka glibc) in version 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL...
CVE-2021-35942 AVG-1621 Medium Yes Information disclosure
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with...
CVE-2021-33574 AVG-1621 Low No Arbitrary code execution
The mq_notify function in the GNU C Library (aka glibc) through 2.33 has a use-after-free. It may use the notification thread attributes object (passed...
CVE-2021-27645 AVG-1621 Low Yes Denial of service
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash...
CVE-2021-3999 AVG-1621 High No Arbitrary code execution
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A...
CVE-2021-3998 AVG-1621 High No Information disclosure
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of...
CVE-2021-3326 AVG-1320 Low No Denial of service
The iconv function in glibc version 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code...
CVE-2020-29573 AVG-1324 Medium No Arbitrary code execution
sysdeps/i386/ldbl2mpn.c in glibc before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an...
CVE-2020-29562 AVG-1320 Low No Denial of service
The iconv function in glibc version 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and...
CVE-2020-27618 AVG-1320 Low No Denial of service
A flaw was found in glibc up to version 2.32. If an attacker provides the iconv function with invalid multi-byte input sequences in IBM1364, IBM1371,...
CVE-2019-25013 AVG-1320 Low No Denial of service
The iconv feature in glibc up to version 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. The...
CVE-2019-9169 AVG-855 High No Information disclosure
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted...
CVE-2018-1000001 AVG-590 High No Privilege escalation
A buffer underflow vulnerability has been discovered in the realpath() function in glibc 2.26 when getcwd() returns a relative or unreachable path (i.e. not...
CVE-2018-19591 AVG-831 Medium Yes Denial of service
A file descriptor leak has been found in glibc <= 2.28, in the if_nametoindex() function, when processing getaddrinfo() calls with crafted interface names.
CVE-2017-1000366 AVG-307 High No Privilege escalation
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions...
CVE-2017-15671 AVG-460 Medium Yes Denial of service
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when...
CVE-2017-15670 AVG-460 High Yes Arbitrary code execution
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by- one error leading to a heap-based buffer overflow in the glob function in glob.c,...
CVE-2017-12133 AVG-368 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found the GNU C Library (aka glibc or libc6) before version 2.26, in clntudp_call in the Sun RPC system.
CVE-2017-12132 AVG-368 Medium Yes Content spoofing
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from...
CVE-2016-10739 AVG-1984 Medium No Open redirect
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed...

Advisories

Date Advisory Group Severity Type
07 Feb 2021 ASA-202102-17 AVG-1320 Low denial of service
03 Nov 2019 ASA-201911-3 AVG-855 High information disclosure
10 Jan 2018 ASA-201801-9 AVG-460 High multiple issues
28 Jan 2018 ASA-201801-18 AVG-590 High privilege escalation
20 Jun 2017 ASA-201706-23 AVG-307 High privilege escalation