An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
Max CVSS
7.5
EPSS Score
0.18%
Published
2022-08-31
Updated
2024-02-04
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Max CVSS
9.8
EPSS Score
0.91%
Published
2022-01-14
Updated
2022-11-08
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Max CVSS
9.8
EPSS Score
0.91%
Published
2022-01-14
Updated
2022-11-08
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
Max CVSS
7.8
EPSS Score
0.04%
Published
2022-08-24
Updated
2023-02-12
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
Max CVSS
7.5
EPSS Score
0.19%
Published
2022-08-24
Updated
2023-02-12
5 vulnerabilities found