Search CVE reports



11 – 20 of 144 results


CVE-2023-5156

Medium priority

Some fixes available 5 of 6

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

2 affected packages

eglibc, glibc

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| eglibc | Not in release | Not in release | Not in release | Not in release | Not in release |
| glibc | Fixed | Fixed | Not affected | Not affected | Not affected |

CVE-2023-4806

Low priority

Some fixes available 8 of 9

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only...

2 affected packages

eglibc, glibc

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| eglibc | Not in release | Not in release | Not in release | Not in release | Not in release |
| glibc | Fixed | Fixed | Fixed | Fixed | Fixed |

CVE-2023-4527

Medium priority
Fixed

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes...

2 affected packages

eglibc, glibc

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| eglibc | Not in release | Not in release | Not in release | Not in release | Not in release |
| glibc | Fixed | Not affected | Not affected | Not affected | Not affected |

CVE-2023-4813

Low priority

Some fixes available 4 of 5

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and...

2 affected packages

eglibc, glibc

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| eglibc | Not in release | Not in release | Not in release | Not in release | Not in release |
| glibc | Not affected | Fixed | Fixed | Fixed | Fixed |

CVE-2015-20109

Medium priority
Fixed

end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch...

2 affected packages

eglibc, glibc

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| eglibc | Not in release | Not in release | Not in release | Not in release | Not in release |
| glibc | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2023-0687

Low priority
Not affected

** DISPUTED ** A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads...

2 affected packages

eglibc, glibc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
eglibc Not in release Not in release Not in release Not in release
glibc Not affected Not affected Not affected Not affected

CVE-2023-25139

Medium priority
Fixed

sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when...

2 affected packages

eglibc, glibc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
eglibc Not in release Not in release Not in release Not in release
glibc Not affected Not affected Not affected Not affected

CVE-2022-39046

Medium priority
Not affected

An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log...

2 affected packages

eglibc, glibc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
eglibc Not in release Not in release Not in release Not in release
glibc Not affected Not affected Not affected Not affected

CVE-2016-20013

Negligible priority
Vulnerable

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

8 affected packages

dietlibc, eglibc, glibc, sssd, syslinux...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dietlibc Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
eglibc Not in release Not in release Not in release Not in release Not in release
glibc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
sssd Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
syslinux Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
syslinux-legacy Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
uclibc Ignored
zabbix Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2021-3999

Medium priority

Some fixes available 5 of 6

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to...

2 affected packages

eglibc, glibc

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| eglibc | Not in release | Not in release | Not in release | Not in release | Not in release |
| glibc | Not affected | Not affected | Fixed | Fixed | Fixed |