glibc

Description GNU C Library
Version 2.29-4 [core]

Open

Group Affected Fixed Severity Status Ticket
AVG-855 2.29-4 High Vulnerable
Issue Group Severity Remote Type Description
CVE-2019-9169 AVG-855 High No Arbitrary code execution
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-831 2.28-5 2.29-1 Medium Fixed
AVG-590 2.26-10 2.26-11 High Fixed
AVG-460 2.26-8 2.26-9 High Fixed
AVG-368 2.25-7 2.26-1 Critical Fixed
AVG-307 2.25-3 2.25-4 High Fixed
Issue Group Severity Remote Type Description
CVE-2018-1000001 AVG-590 High No Privilege escalation
A buffer underflow vulnerability has been discovered in the realpath() function in glibc 2.26 when getcwd() returns a relative or unreachable path (i.e. not...
CVE-2018-19591 AVG-831 Medium Yes Denial of service
A file descriptor leak has been found in glibc <= 2.28, in the if_nametoindex() function, when processing getaddrinfo() calls with crafted interface names.
CVE-2017-1000366 AVG-307 High No Privilege escalation
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions...
CVE-2017-15671 AVG-460 Medium Yes Denial of service
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when...
CVE-2017-15670 AVG-460 High Yes Arbitrary code execution
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c,...
CVE-2017-12133 AVG-368 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in the GNU C Library (aka glibc or libc6) before version 2.26, in clntudp_call in the Sun RPC system.
CVE-2017-12132 AVG-368 Medium Yes Content spoofing
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from...

Advisories

Date Advisory Group Severity Description
10 Jan 2018 ASA-201801-9 AVG-460 High multiple issues
28 Jan 2018 ASA-201801-18 AVG-590 High privilege escalation
20 Jun 2017 ASA-201706-23 AVG-307 High privilege escalation