CVE-2021-38604
- EPSS 0.1%
- Published 12.08.2021 16:15:10
- Last modified 30.05.2025 19:15:26
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 ...
CVE-2021-35942
- EPSS 1.11%
- Published 22.07.2021 18:15:23
- Last modified 13.02.2026 21:16:11
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of in...
CVE-2021-33574
- EPSS 0.12%
- Published 25.05.2021 22:15:10
- Last modified 21.11.2024 06:09:07
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to...
CVE-2020-27618
- EPSS 0.05%
- Published 26.02.2021 23:15:11
- Last modified 09.06.2025 16:15:31
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an i...
CVE-2021-27645
- EPSS 0.04%
- Published 24.02.2021 15:15:13
- Last modified 09.06.2025 15:15:25
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the loc...
CVE-2021-3326
- EPSS 0.17%
- Published 27.01.2021 20:15:14
- Last modified 09.06.2025 16:15:32
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of ser...
CVE-2019-25013
- EPSS 0.81%
- Published 04.01.2021 18:15:13
- Last modified 09.06.2025 16:15:30
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
CVE-2020-29573
- EPSS 0.16%
- Published 06.12.2020 00:15:11
- Last modified 21.11.2024 05:24:14
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen wh...
CVE-2020-29562
- EPSS 0.05%
- Published 04.12.2020 07:15:11
- Last modified 09.06.2025 16:15:32
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVE-1999-0199
- EPSS 0.79%
- Published 06.10.2020 13:15:13
- Last modified 20.11.2024 23:28:06
manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was...