glibc

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description GNU C Library
Version 2.28-5 [core]

Open

Group Affected Fixed Severity Status Ticket
AVG-831 2.28-5 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2018-19591 AVG-831 Medium Yes Denial of service
A file descriptor leak has been found in glibc <= 2.28, in the if_nametoindex() function, when processing getaddrinfo() calls with crafted interface names.

Resolved

Group Affected Fixed Severity Status Ticket
AVG-590 2.26-10 2.26-11 High Fixed
AVG-460 2.26-8 2.26-9 High Fixed
AVG-368 2.25-7 2.26-1 Critical Fixed
AVG-307 2.25-3 2.25-4 High Fixed
Issue Group Severity Remote Type Description
CVE-2018-1000001 AVG-590 High No Privilege escalation
A buffer underflow vulnerability has been discovered in the realpath() function in glibc 2.26 when getcwd() returns a relative or unreachable path (i.e. not...
CVE-2017-15671 AVG-460 Medium Yes Denial of service
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when...
CVE-2017-15670 AVG-460 High Yes Arbitrary code execution
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by- one error leading to a heap-based buffer overflow in the glob function in glob.c,...
CVE-2017-12133 AVG-368 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found the GNU C Library (aka glibc or libc6) before version 2.26, in clntudp_call in the Sun RPC system.
CVE-2017-12132 AVG-368 Medium Yes Content spoofing
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from...
CVE-2017-1000366 AVG-307 High No Privilege escalation
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions...

Advisories

Date Advisory Group Severity Description
10 Jan 2018 ASA-201801-9 AVG-460 High multiple issues
28 Jan 2018 ASA-201801-18 AVG-590 High privilege escalation
20 Jun 2017 ASA-201706-23 AVG-307 High privilege escalation