sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.
Max CVSS
9.8
Published
2023-02-03
Updated
2023-03-02
EPSS
0.11%
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.
Max CVSS
9.8
Published
2023-02-06
Updated
2024-02-14
EPSS
0.10%
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.
Max CVSS
9.8
Published
2023-02-20
Updated
2023-10-14
EPSS
0.08%
LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain.
Max CVSS
9.8
Published
2022-08-18
Updated
2022-08-19
EPSS
0.17%
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Max CVSS
9.8
Published
2022-01-14
Updated
2022-11-08
EPSS
0.46%
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Max CVSS
9.8
Published
2022-01-14
Updated
2022-11-08
EPSS
0.46%
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
Max CVSS
9.1
Published
2022-10-24
Updated
2023-01-20
EPSS
0.31%
An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access.
Max CVSS
9.0
Published
2021-11-07
Updated
2021-11-09
EPSS
0.37%
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
Max CVSS
9.1
Published
2021-07-22
Updated
2022-11-08
EPSS
1.00%
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
Max CVSS
9.8
Published
2021-05-25
Updated
2022-11-08
EPSS
1.39%
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.
Max CVSS
9.8
Published
2021-12-02
Updated
2021-12-06
EPSS
0.23%
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
Max CVSS
9.8
Published
2021-02-09
Updated
2022-05-06
EPSS
1.45%
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
Max CVSS
9.8
Published
2021-03-12
Updated
2021-05-17
EPSS
0.67%
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
Max CVSS
9.8
Published
2021-03-12
Updated
2021-06-01
EPSS
1.09%
A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable.
Max CVSS
10.0
Published
2021-03-25
Updated
2023-11-25
EPSS
0.36%
A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.
Max CVSS
9.8
Published
2020-02-24
Updated
2022-01-01
EPSS
0.43%
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Max CVSS
9.8
Published
2019-07-15
Updated
2021-06-10
EPSS
0.34%
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec.
Max CVSS
9.8
Published
2020-07-16
Updated
2020-07-22
EPSS
0.44%
libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.
Max CVSS
9.1
Published
2020-01-27
Updated
2020-01-31
EPSS
0.22%
idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.
Max CVSS
9.8
Published
2019-10-21
Updated
2019-10-29
EPSS
2.09%
libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.
Max CVSS
9.1
Published
2019-10-14
Updated
2021-08-02
EPSS
1.08%
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.
Max CVSS
9.3
Published
2019-07-26
Updated
2019-08-16
EPSS
0.39%
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec.
Max CVSS
9.1
Published
2019-03-14
Updated
2022-05-25
EPSS
0.66%
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.
Max CVSS
9.1
Published
2019-03-14
Updated
2022-05-25
EPSS
0.66%
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
Max CVSS
9.8
Published
2019-02-26
Updated
2022-06-13
EPSS
0.38%
96 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!