CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

GNU » Glibc : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000366 119 Exec Code Overflow 2017-06-19 2017-08-11
7.2
None Local Low Not required Complete Complete Complete
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
2 CVE-2017-12133 19 2017-09-07 2017-09-14
4.3
None Remote Medium Not required None Partial None
The DNS stub resolver in the GNU C Library (glibc) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attackers due to IP fragmentation.
3 CVE-2017-12132 19 2017-08-01 2017-08-04
4.3
None Remote Medium Not required None Partial None
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
4 CVE-2017-8804 502 DoS 2017-05-07 2017-05-15
7.8
None Remote Low Not required None None Complete
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.
5 CVE-2016-10228 20 DoS 2017-03-01 2017-03-03
4.3
None Remote Medium Not required None None Partial
The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
6 CVE-2016-6323 284 DoS 2016-10-07 2017-06-30
5.0
None Remote Low Not required None None Partial
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.
7 CVE-2016-5417 399 DoS 2017-02-16 2017-02-17
5.0
None Remote Low Not required None None Partial
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures.
8 CVE-2016-4429 20 DoS Overflow 2016-06-10 2017-02-01
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
9 CVE-2016-3706 20 DoS Overflow 2016-06-10 2017-02-01
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
10 CVE-2016-3075 119 DoS Overflow 2016-06-01 2017-06-30
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
11 CVE-2016-1234 119 DoS Overflow 2016-06-01 2017-06-30
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
12 CVE-2015-8985 19 DoS 2017-03-20 2017-03-23
4.3
None Remote Medium Not required None None Partial
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
13 CVE-2015-8984 125 DoS 2017-03-20 2017-03-22
4.3
None Remote Medium Not required None None Partial
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.
14 CVE-2015-8983 190 DoS Exec Code Overflow 2017-03-20 2017-03-22
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.
15 CVE-2015-8982 190 DoS Exec Code Overflow 2017-03-15 2017-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
16 CVE-2015-8779 119 DoS Exec Code Overflow 2016-04-19 2017-06-30
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
17 CVE-2015-8778 119 DoS Exec Code Overflow 2016-04-19 2017-06-30
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
18 CVE-2015-8777 254 Bypass 2016-01-20 2017-06-30
2.1
None Local Low Not required None Partial None
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
19 CVE-2015-8776 189 DoS +Info 2016-04-19 2017-06-30
6.4
None Remote Low Not required Partial None Partial
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
20 CVE-2015-7547 119 DoS Exec Code Overflow 2016-02-18 2017-09-02
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
21 CVE-2015-5277 119 DoS Overflow +Priv 2015-12-17 2017-06-30
7.2
None Local Low Not required Complete Complete Complete
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
22 CVE-2015-5180 476 DoS 2017-06-27 2017-07-03
5.0
None Remote Low Not required None None Partial
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
23 CVE-2015-1781 119 DoS Exec Code Overflow 2015-09-28 2016-12-05
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
24 CVE-2015-1473 119 DoS Overflow 2015-04-08 2016-11-28
6.4
None Remote Low Not required None Partial Partial
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.
25 CVE-2015-1472 119 DoS Overflow 2015-04-08 2016-10-14
7.5
None Remote Low Not required Partial Partial Partial
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.
26 CVE-2015-0235 119 Exec Code Overflow 2015-01-28 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
27 CVE-2014-9984 119 Exec Code Overflow 2017-06-12 2017-06-16
7.5
None Remote Low Not required Partial Partial Partial
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.
28 CVE-2014-9761 119 DoS Exec Code Overflow 2016-04-19 2017-06-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
29 CVE-2014-9402 399 DoS 2015-02-24 2016-06-10
7.8
None Remote Low Not required None None Complete
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.
30 CVE-2014-8121 17 DoS 2015-03-27 2016-12-02
5.0
None Remote Low Not required None None Partial
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
31 CVE-2014-7817 20 Exec Code 2014-11-24 2017-09-07
4.6
None Local Low Not required Partial Partial Partial
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
32 CVE-2014-6040 119 DoS Overflow 2014-12-05 2017-01-02
5.0
None Remote Low Not required None None Partial
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.
33 CVE-2014-5119 189 DoS Exec Code 2014-08-29 2017-01-06
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
34 CVE-2014-4043 94 2014-10-06 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
35 CVE-2014-0475 22 Dir. Trav. Bypass 2014-07-29 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.
36 CVE-2013-7424 17 DoS Exec Code 2015-08-26 2016-11-28
5.1
None Remote High Not required Partial Partial Partial
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.
37 CVE-2013-7423 17 2015-02-24 2016-07-20
5.0
None Remote Low Not required None Partial None
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
38 CVE-2013-4788 20 Overflow 2013-10-04 2017-06-30
5.1
None Remote High Not required Partial Partial Partial
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.
39 CVE-2013-4458 119 DoS Overflow 2013-12-12 2017-06-30
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.
40 CVE-2013-4332 189 DoS Overflow 2013-10-09 2017-06-30
4.3
None Remote Medium Not required None None Partial
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.
41 CVE-2013-4237 119 DoS Exec Code Overflow 2013-10-09 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.
42 CVE-2013-2207 264 2013-10-09 2017-06-30
2.6
None Local High Not required Partial Partial None
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
43 CVE-2013-1914 119 DoS Overflow 2013-04-29 2017-06-30
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.
44 CVE-2013-0242 119 DoS Overflow Mem. Corr. 2013-02-08 2017-08-28
5.0
None Remote Low Not required None None Partial
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.
45 CVE-2012-6656 20 DoS 2014-12-05 2017-06-30
5.0
None Remote Low Not required None None Partial
iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.
46 CVE-2012-4424 119 DoS Exec Code Overflow 2013-10-09 2017-06-30
5.1
None Remote High Not required Partial Partial Partial
Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.
47 CVE-2012-4412 189 DoS Exec Code Overflow 2013-10-09 2017-06-30
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
48 CVE-2012-3480 189 DoS Exec Code Overflow 2012-08-25 2017-06-30
4.6
None Local Low Not required Partial Partial Partial
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
49 CVE-2012-3406 264 DoS Exec Code Bypass 2014-02-10 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
50 CVE-2012-3405 189 DoS Bypass 2014-02-10 2017-06-30
5.0
None Remote Low Not required None None Partial
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.
Total number of vulnerabilities : 84   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.