CVE-2023-25139 |
AVG-2833 |
Unknown |
Unknown |
Unknown |
buffer overflow in sprintf(3) due to a regression where after the refactor the implementation does not account for grouping characters during padding of the width |
CVE-2021-43396 |
AVG-1621 |
Medium |
Yes |
Incorrect calculation |
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted... |
CVE-2021-38604 |
AVG-2293 |
Low |
Yes |
Denial of service |
In librt in the GNU C Library (aka glibc) in version 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL... |
CVE-2021-35942 |
AVG-1621 |
Medium |
Yes |
Information disclosure |
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with... |
CVE-2021-33574 |
AVG-1621 |
Low |
No |
Arbitrary code execution |
The mq_notify function in the GNU C Library (aka glibc) through 2.33 has a use-after-free. It may use the notification thread attributes object (passed... |
CVE-2021-27645 |
AVG-1621 |
Low |
Yes |
Denial of service |
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash... |
CVE-2021-3999 |
AVG-1621 |
High |
No |
Arbitrary code execution |
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A... |
CVE-2021-3998 |
AVG-1621 |
High |
No |
Information disclosure |
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of... |
CVE-2021-3326 |
AVG-1320 |
Low |
No |
Denial of service |
The iconv function in glibc version 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code... |
CVE-2020-29573 |
AVG-1324 |
Medium |
No |
Arbitrary code execution |
sysdeps/i386/ldbl2mpn.c in glibc before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an... |
CVE-2020-29562 |
AVG-1320 |
Low |
No |
Denial of service |
The iconv function in glibc version 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and... |
CVE-2020-27618 |
AVG-1320 |
Low |
No |
Denial of service |
A flaw was found in glibc up to version 2.32. If an attacker provides the iconv function with invalid multi-byte input sequences in IBM1364, IBM1371,... |
CVE-2019-25013 |
AVG-1320 |
Low |
No |
Denial of service |
The iconv feature in glibc up to version 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. The... |
CVE-2019-9169 |
AVG-855 |
High |
No |
Information disclosure |
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted... |
CVE-2018-1000001 |
AVG-590 |
High |
No |
Privilege escalation |
A buffer underflow vulnerability has been discovered in the realpath() function in glibc 2.26 when getcwd() returns a relative or unreachable path (i.e. not... |
CVE-2018-19591 |
AVG-831 |
Medium |
Yes |
Denial of service |
A file descriptor leak has been found in glibc <= 2.28, in the if_nametoindex() function, when processing getaddrinfo() calls with crafted interface names. |
CVE-2017-1000366 |
AVG-307 |
High |
No |
Privilege escalation |
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions... |
CVE-2017-15671 |
AVG-460 |
Medium |
Yes |
Denial of service |
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when... |
CVE-2017-15670 |
AVG-460 |
High |
Yes |
Arbitrary code execution |
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by- one error leading to a heap-based buffer overflow in the glob function in glob.c,... |
CVE-2017-12133 |
AVG-368 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been found the GNU C Library (aka glibc or libc6) before version 2.26, in clntudp_call in the Sun RPC system. |
CVE-2017-12132 |
AVG-368 |
Medium |
Yes |
Content spoofing |
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from... |
CVE-2016-10739 |
AVG-1984 |
Medium |
No |
Open redirect |
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed... |