CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

GNU : Security Vulnerabilities (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-7614 476 DoS 2017-04-09 2017-04-13
7.5
None Remote Low Not required Partial Partial Partial
elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.
2 CVE-2017-5357 416 DoS 2017-02-16 2017-02-17
5.0
None Remote Low Not required None None Partial
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.
3 CVE-2017-5335 125 DoS 2017-03-24 2017-03-27
5.0
None Remote Low Not required None None Partial
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
4 CVE-2016-10228 20 DoS 2017-03-01 2017-03-03
4.3
None Remote Medium Not required None None Partial
The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
5 CVE-2016-6323 284 DoS 2016-10-07 2017-02-01
5.0
None Remote Low Not required None None Partial
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.
6 CVE-2016-6263 125 DoS 2016-09-07 2016-11-28
5.0
None Remote Low Not required None None Partial
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
7 CVE-2016-6261 125 DoS 2016-09-07 2016-11-28
5.0
None Remote Low Not required None None Partial
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
8 CVE-2016-6131 20 DoS Overflow 2017-02-07 2017-02-09
5.0
None Remote Low Not required None None Partial
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.
9 CVE-2016-5417 399 DoS 2017-02-16 2017-02-17
5.0
None Remote Low Not required None None Partial
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures.
10 CVE-2016-4493 125 DoS 2017-02-24 2017-02-27
4.3
None Remote Medium Not required None None Partial
The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.
11 CVE-2016-4492 119 DoS Overflow 2017-02-24 2017-02-27
4.3
None Remote Medium Not required None None Partial
Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.
12 CVE-2016-4491 119 DoS Overflow 2017-02-24 2017-02-27
4.3
None Remote Medium Not required None None Partial
The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once."
13 CVE-2016-4490 190 DoS Overflow 2017-02-24 2017-02-27
4.3
None Remote Medium Not required None None Partial
Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.
14 CVE-2016-4489 190 DoS Overflow 2017-02-24 2017-02-27
4.3
None Remote Medium Not required None None Partial
Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the "demangling of virtual tables."
15 CVE-2016-4488 416 DoS 2017-02-24 2017-02-27
4.3
None Remote Medium Not required None None Partial
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec."
16 CVE-2016-4487 416 DoS 2017-02-24 2017-02-27
4.3
None Remote Medium Not required None None Partial
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec."
17 CVE-2016-4429 20 DoS Overflow 2016-06-10 2017-02-01
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
18 CVE-2016-4008 399 DoS 2016-05-05 2016-11-30
4.3
None Remote Medium Not required None None Partial
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
19 CVE-2016-3706 20 DoS Overflow 2016-06-10 2017-02-01
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
20 CVE-2016-3075 119 DoS Overflow 2016-06-01 2016-11-28
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
21 CVE-2016-2037 119 DoS Overflow 2016-02-22 2016-12-05
4.3
None Remote Medium Not required None None Partial
The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.
22 CVE-2016-1234 119 DoS Overflow 2016-06-01 2016-11-28
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
23 CVE-2015-8985 19 DoS 2017-03-20 2017-03-23
4.3
None Remote Medium Not required None None Partial
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
24 CVE-2015-8984 125 DoS 2017-03-20 2017-03-22
4.3
None Remote Medium Not required None None Partial
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.
25 CVE-2015-8983 190 DoS Exec Code Overflow 2017-03-20 2017-03-22
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.
26 CVE-2015-8982 190 DoS Exec Code Overflow 2017-03-15 2017-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
27 CVE-2015-8779 119 DoS Exec Code Overflow 2016-04-19 2016-12-02
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
28 CVE-2015-8778 119 DoS Exec Code Overflow 2016-04-19 2016-12-02
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
29 CVE-2015-8776 189 DoS +Info 2016-04-19 2016-12-02
6.4
None Remote Low Not required Partial None Partial
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
30 CVE-2015-8370 264 DoS Mem. Corr. Bypass +Info 2015-12-16 2016-12-07
6.9
None Local Medium Not required Complete Complete Complete
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
31 CVE-2015-7547 119 DoS Exec Code Overflow 2016-02-18 2017-02-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
32 CVE-2015-6806 119 DoS Overflow 2015-09-28 2015-09-29
5.0
None Remote Low Not required None None Partial
The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.
33 CVE-2015-6251 DoS 2015-08-24 2016-12-23
5.0
None Remote Low Not required None None Partial
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.
34 CVE-2015-5277 119 DoS Overflow +Priv 2015-12-17 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
35 CVE-2015-3622 119 DoS Overflow 2015-05-12 2017-01-02
4.3
None Remote Medium Not required None None Partial
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
36 CVE-2015-3308 DoS 2015-09-02 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.
37 CVE-2015-1781 119 DoS Exec Code Overflow 2015-09-28 2016-12-05
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
38 CVE-2015-1473 119 DoS Overflow 2015-04-08 2016-11-28
6.4
None Remote Low Not required None Partial Partial
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.
39 CVE-2015-1472 119 DoS Overflow 2015-04-08 2016-10-14
7.5
None Remote Low Not required Partial Partial Partial
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.
40 CVE-2015-1345 119 DoS Overflow 2015-02-12 2016-12-23
2.1
None Local Low Not required None None Partial
The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.
41 CVE-2014-9761 119 DoS Exec Code Overflow 2016-04-19 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
42 CVE-2014-9471 20 DoS Exec Code 2015-01-16 2015-04-08
7.5
None Remote Low Not required Partial Partial Partial
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.
43 CVE-2014-9402 399 DoS 2015-02-24 2016-06-10
7.8
None Remote Low Not required None None Complete
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.
44 CVE-2014-9112 119 DoS Overflow 2014-12-02 2017-01-02
5.0
None Remote Low Not required None None Partial
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
45 CVE-2014-8738 119 DoS Overflow 2015-01-15 2016-11-28
5.0
None Remote Low Not required None None Partial
The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.
46 CVE-2014-8564 310 DoS 2014-11-13 2016-09-08
5.0
None Remote Low Not required None None Partial
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.
47 CVE-2014-8504 119 DoS Overflow 2014-12-09 2016-08-25
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.
48 CVE-2014-8503 119 DoS Overflow 2014-12-09 2016-10-14
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.
49 CVE-2014-8502 119 DoS Overflow 2014-12-09 2016-10-14
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.
50 CVE-2014-8501 119 DoS Overflow 2014-12-09 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.
Total number of vulnerabilities : 159   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.