Gnu

Glibc

157 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2006-7254

  • EPSS 0.04%
  • Veröffentlicht 10.04.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 00:24:44

The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.

7.5

CVE-2019-9192

Exploit
  • EPSS 0.81%
  • Veröffentlicht 26.02.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:51:10

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer dispute...

7.5

CVE-2009-5155

Exploit
  • EPSS 1.35%
  • Veröffentlicht 26.02.2019 02:29:00
  • Zuletzt bearbeitet 21.11.2024 01:11:17

In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting ...

7.5

CVE-2018-20796

Exploit
  • EPSS 1.53%
  • Veröffentlicht 26.02.2019 02:29:00
  • Zuletzt bearbeitet 21.11.2024 04:02:11

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

9.8

CVE-2019-9169

Exploit
  • EPSS 13.73%
  • Veröffentlicht 26.02.2019 02:29:00
  • Zuletzt bearbeitet 21.11.2024 04:51:07

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

5.5

CVE-2019-7309

Exploit
  • EPSS 0.17%
  • Veröffentlicht 03.02.2019 02:29:00
  • Zuletzt bearbeitet 21.11.2024 04:47:58

In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

5.3

CVE-2016-10739

  • EPSS 0.02%
  • Veröffentlicht 21.01.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 02:44:38

In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume tha...

7.8

CVE-2019-6488

  • EPSS 0.15%
  • Veröffentlicht 18.01.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:46:32

The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecif...

7.5

CVE-2018-19591

Exploit
  • EPSS 1.36%
  • Veröffentlicht 04.12.2018 16:29:00
  • Zuletzt bearbeitet 03.12.2025 19:15:47

In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.

9.8

CVE-2017-18269

  • EPSS 1.11%
  • Veröffentlicht 18.05.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:19:43

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range sp...