GNU : Security Vulnerabilities, CVEs, (Denial of service) CVSS score >= 6
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
Max CVSS
7.5
EPSS Score
0.08%
Published
2024-01-16
Updated
2024-03-05
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.
Max CVSS
7.5
EPSS Score
0.05%
Published
2024-01-02
Updated
2024-01-08
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
Max CVSS
6.5
EPSS Score
0.06%
Published
2023-04-08
Updated
2023-04-19
A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-05-18
Updated
2024-04-11
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-08-22
Updated
2023-08-26
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-08-22
Updated
2023-08-26
An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-08-22
Updated
2023-08-26
An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-09-05
Updated
2022-10-01
An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-09-05
Updated
2022-10-01
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-09-06
Updated
2023-02-12
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Max CVSS
9.8
EPSS Score
0.91%
Published
2022-01-14
Updated
2022-11-08
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Max CVSS
9.8
EPSS Score
0.91%
Published
2022-01-14
Updated
2022-11-08
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
Max CVSS
7.8
EPSS Score
0.14%
Published
2021-12-15
Updated
2022-09-28
An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service.
Max CVSS
6.5
EPSS Score
0.07%
Published
2021-09-20
Updated
2021-09-24
An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service.
Max CVSS
6.5
EPSS Score
0.07%
Published
2021-09-20
Updated
2021-09-24
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
Max CVSS
9.1
EPSS Score
1.14%
Published
2021-07-22
Updated
2022-11-08
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
Max CVSS
9.8
EPSS Score
1.39%
Published
2021-05-25
Updated
2022-11-08
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
Max CVSS
9.8
EPSS Score
1.45%
Published
2021-02-09
Updated
2022-05-06
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
Max CVSS
6.5
EPSS Score
0.21%
Published
2022-08-24
Updated
2022-10-27
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
Max CVSS
6.5
EPSS Score
0.32%
Published
2022-09-01
Updated
2024-01-22
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
Max CVSS
7.5
EPSS Score
1.34%
Published
2021-01-27
Updated
2022-11-04
A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:29. which causes a denial of service (application crash).
Max CVSS
6.5
EPSS Score
0.08%
Published
2021-05-17
Updated
2021-05-21
A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash).
Max CVSS
6.5
EPSS Score
0.08%
Published
2021-05-17
Updated
2021-05-21
Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
Max CVSS
6.5
EPSS Score
0.36%
Published
2023-08-22
Updated
2023-12-13
Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
Max CVSS
6.5
EPSS Score
0.30%
Published
2023-08-22
Updated
2023-12-13