Gnu

Glibc

152 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 1.77%
  • Published 01.02.2018 04:29:00
  • Last modified 21.11.2024 03:04:40

A buffer overflow exists in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.

Exploit
  • EPSS 44.63%
  • Published 31.01.2018 14:29:00
  • Last modified 21.11.2024 03:39:23

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

  • EPSS 0.61%
  • Published 18.12.2017 01:29:00
  • Last modified 20.04.2025 01:37:25

elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the cu...

Exploit
  • EPSS 0.36%
  • Published 05.12.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occu...

  • EPSS 0.24%
  • Published 22.10.2017 20:29:02
  • Last modified 20.04.2025 01:37:25

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.

  • EPSS 0.22%
  • Published 20.10.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.

  • EPSS 0.37%
  • Published 20.10.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (mem...

Exploit
  • EPSS 0.06%
  • Published 18.10.2017 14:29:00
  • Last modified 20.04.2025 01:37:25

scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.

  • EPSS 0.37%
  • Published 07.09.2017 13:29:00
  • Last modified 20.04.2025 01:37:25

Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to the error path.

  • EPSS 0.24%
  • Published 01.08.2017 16:29:00
  • Last modified 20.04.2025 01:37:25

The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.