Search CVE reports
21 – 30 of 157 results
end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch...
2 affected packages
glibc, eglibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| glibc | Not affected | Not affected | Not affected | Not affected |
| eglibc | Not in release | Not in release | Not in release | Not in release |
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer...
2 affected packages
eglibc, glibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eglibc | — | Not in release | Not in release | Not in release |
| glibc | — | Not affected | Not affected | Not affected |
sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when...
2 affected packages
eglibc, glibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eglibc | — | Not in release | Not in release | Not in release |
| glibc | — | Not affected | Not affected | Not affected |
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log...
2 affected packages
eglibc, glibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eglibc | — | Not in release | Not in release | Not in release |
| glibc | — | Not affected | Not affected | Not affected |
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.
8 affected packages
eglibc, glibc, syslinux-legacy, dietlibc, sssd...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eglibc | Not in release | Not in release | Not in release | Not in release |
| glibc | Ignored | Ignored | Ignored | Ignored |
| syslinux-legacy | Not in release | Not in release | Ignored | Ignored |
| dietlibc | Ignored | Ignored | Ignored | Ignored |
| sssd | Ignored | Ignored | Ignored | Ignored |
| syslinux | Ignored | Ignored | Ignored | Ignored |
| zabbix | Not in release | Ignored | Ignored | Ignored |
| uclibc | — | — | — | — |
Some fixes available 5 of 6
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to...
2 affected packages
eglibc, glibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eglibc | Not in release | Not in release | Not in release | Not in release |
| glibc | Not affected | Not affected | Fixed | Fixed |
Some fixes available 1 of 2
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
2 affected packages
eglibc, glibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eglibc | — | Not in release | Not in release | Not in release |
| glibc | — | Not affected | Not affected | Not affected |
Some fixes available 4 of 5
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow,...
2 affected packages
eglibc, glibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eglibc | Not in release | Not in release | Not in release | Not in release |
| glibc | Not affected | Not affected | Fixed | Fixed |
Some fixes available 4 of 5
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow,...
2 affected packages
eglibc, glibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eglibc | Not in release | Not in release | Not in release | Not in release |
| glibc | Not affected | Not affected | Fixed | Fixed |
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This...
2 affected packages
glibc, eglibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| glibc | — | Not affected | Not affected | Not affected |
| eglibc | — | Not in release | Not in release | Not in release |