Gnu

Glibc

152 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2014-6040

Exploit
  • EPSS 7.8%
  • Published 05.12.2014 16:59:09
  • Last modified 12.04.2025 10:46:40

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937,...

5

CVE-2012-6656

Exploit
  • EPSS 1.41%
  • Published 05.12.2014 16:59:00
  • Last modified 12.04.2025 10:46:40

iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to ...

4.6

CVE-2014-7817

  • EPSS 0.17%
  • Published 24.11.2014 15:59:01
  • Last modified 12.04.2025 10:46:40

The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".

6.8

CVE-2011-2702

Exploit
  • EPSS 4.49%
  • Published 27.10.2014 20:55:22
  • Last modified 12.04.2025 10:46:40

Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy...

7.5

CVE-2014-4043

Exploit
  • EPSS 1.64%
  • Published 06.10.2014 23:55:08
  • Last modified 12.04.2025 10:46:40

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.

7.5

CVE-2014-5119

  • EPSS 13.42%
  • Published 29.08.2014 16:55:11
  • Last modified 12.04.2025 10:46:40

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment vari...

6.8

CVE-2014-0475

  • EPSS 0.31%
  • Published 29.07.2014 14:55:05
  • Last modified 12.04.2025 10:46:40

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG...

5

CVE-2012-3404

Exploit
  • EPSS 0.6%
  • Published 10.02.2014 18:15:10
  • Last modified 11.04.2025 00:51:21

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection ...

5

CVE-2012-3405

  • EPSS 0.67%
  • Published 10.02.2014 18:15:10
  • Last modified 11.04.2025 00:51:21

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection ...

6.8

CVE-2012-3406

  • EPSS 0.87%
  • Published 10.02.2014 18:15:10
  • Last modified 11.04.2025 00:51:21

The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers...