Filtered by vendor Gnu
Subscriptions
Filtered by product Glibc
Subscriptions
Total
167 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3999 | 4 Debian, Gnu, Netapp and 1 more | 16 Debian Linux, Glibc, E-series Performance Analyzer and 13 more | 2025-12-02 | 7.8 High |
| A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. | ||||
| CVE-2023-4813 | 4 Fedoraproject, Gnu, Netapp and 1 more | 23 Fedora, Glibc, Active Iq Unified Manager and 20 more | 2025-11-11 | 5.9 Medium |
| A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. | ||||
| CVE-2010-4756 | 1 Gnu | 1 Glibc | 2025-11-03 | N/A |
| The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. | ||||
| CVE-2025-5745 | 1 Gnu | 1 Glibc | 2025-10-22 | 5.6 Medium |
| The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program. | ||||
| CVE-2025-5702 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2025-10-01 | 5.6 Medium |
| The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program. | ||||
| CVE-2021-3326 | 6 Debian, Fujitsu, Gnu and 3 more | 18 Debian Linux, M10-1, M10-1 Firmware and 15 more | 2025-06-09 | 7.5 High |
| The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. | ||||
| CVE-2020-29562 | 3 Fedoraproject, Gnu, Netapp | 3 Fedora, Glibc, E-series Santricity Os Controller | 2025-06-09 | 4.8 Medium |
| The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. | ||||
| CVE-2020-27618 | 5 Debian, Gnu, Netapp and 2 more | 25 Debian Linux, Glibc, 500f and 22 more | 2025-06-09 | 5.5 Medium |
| The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. | ||||
| CVE-2019-25013 | 6 Broadcom, Debian, Fedoraproject and 3 more | 12 Fabric Operating System, Debian Linux, Fedora and 9 more | 2025-06-09 | 5.9 Medium |
| The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. | ||||
| CVE-2021-3998 | 2 Gnu, Netapp | 12 Glibc, H300s, H300s Firmware and 9 more | 2025-06-09 | 7.5 High |
| A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. | ||||
| CVE-2021-27645 | 4 Debian, Fedoraproject, Gnu and 1 more | 4 Debian Linux, Fedora, Glibc and 1 more | 2025-06-09 | 2.5 Low |
| The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. | ||||
| CVE-2021-38604 | 3 Fedoraproject, Gnu, Oracle | 8 Fedora, Glibc, Communications Cloud Native Core Binding Support Function and 5 more | 2025-05-30 | 7.5 High |
| In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. | ||||
| CVE-2022-23219 | 4 Debian, Gnu, Oracle and 1 more | 9 Debian Linux, Glibc, Communications Cloud Native Core Binding Support Function and 6 more | 2025-05-05 | 9.8 Critical |
| The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | ||||
| CVE-2022-23218 | 4 Debian, Gnu, Oracle and 1 more | 5 Debian Linux, Glibc, Communications Cloud Native Core Unified Data Repository and 2 more | 2025-05-05 | 9.8 Critical |
| The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | ||||
| CVE-2015-8984 | 1 Gnu | 1 Glibc | 2025-04-20 | N/A |
| The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read. | ||||
| CVE-2016-10228 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2025-04-20 | N/A |
| The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. | ||||
| CVE-2015-8985 | 1 Gnu | 1 Glibc | 2025-04-20 | 5.9 Medium |
| The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. | ||||
| CVE-2015-8983 | 1 Gnu | 1 Glibc | 2025-04-20 | N/A |
| Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. | ||||
| CVE-2016-5417 | 1 Gnu | 1 Glibc | 2025-04-20 | N/A |
| Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures. | ||||
| CVE-2014-9984 | 1 Gnu | 1 Glibc | 2025-04-20 | N/A |
| nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. | ||||