Gnu

Glibc

155 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2009-5155

Exploit
  • EPSS 1.35%
  • Veröffentlicht 26.02.2019 02:29:00
  • Zuletzt bearbeitet 21.11.2024 01:11:17

In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting ...

7.5

CVE-2018-20796

Exploit
  • EPSS 1.49%
  • Veröffentlicht 26.02.2019 02:29:00
  • Zuletzt bearbeitet 21.11.2024 04:02:11

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

9.8

CVE-2019-9169

Exploit
  • EPSS 13.73%
  • Veröffentlicht 26.02.2019 02:29:00
  • Zuletzt bearbeitet 21.11.2024 04:51:07

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

5.5

CVE-2019-7309

Exploit
  • EPSS 0.22%
  • Veröffentlicht 03.02.2019 02:29:00
  • Zuletzt bearbeitet 21.11.2024 04:47:58

In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

5.3

CVE-2016-10739

  • EPSS 0.04%
  • Veröffentlicht 21.01.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 02:44:38

In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume tha...

7.8

CVE-2019-6488

  • EPSS 0.15%
  • Veröffentlicht 18.01.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:46:32

The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecif...

7.5

CVE-2018-19591

Exploit
  • EPSS 1.46%
  • Veröffentlicht 04.12.2018 16:29:00
  • Zuletzt bearbeitet 03.12.2025 19:15:47

In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.

9.8

CVE-2017-18269

  • EPSS 1.03%
  • Veröffentlicht 18.05.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:19:43

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range sp...

9.8

CVE-2018-11236

  • EPSS 0.89%
  • Veröffentlicht 18.05.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:57

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer over...

7.8

CVE-2018-11237

  • EPSS 0.8%
  • Veröffentlicht 18.05.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:58

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.