Search CVE reports
21 – 30 of 144 results
CVE-2021-3998
Medium prioritySome fixes available 1 of 2
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
2 affected packages
eglibc, glibc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
eglibc | — | Not in release | Not in release | Not in release | Not in release |
glibc | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-23219
Low prioritySome fixes available 4 of 5
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow,...
2 affected packages
eglibc, glibc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
eglibc | Not in release | Not in release | Not in release | Not in release | Not in release |
glibc | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2022-23218
Low prioritySome fixes available 4 of 5
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow,...
2 affected packages
eglibc, glibc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
eglibc | Not in release | Not in release | Not in release | Not in release | Not in release |
glibc | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2021-43396
Medium priority** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset....
2 affected packages
eglibc, glibc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
eglibc | — | Not in release | Not in release | Not in release | Not in release |
glibc | — | Not affected | Not affected | Not affected | Not affected |
CVE-2021-38604
Medium priorityIn librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of...
2 affected packages
eglibc, glibc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
eglibc | — | Not in release | Not in release | Not in release | Not in release |
glibc | — | Not affected | Not affected | Not affected | Not affected |
CVE-2021-35942
Low prioritySome fixes available 3 of 6
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service...
2 affected packages
eglibc, glibc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
eglibc | Not in release | Not in release | Not in release | Not in release | Not in release |
glibc | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2021-33574
Low priorityThe mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by...
2 affected packages
eglibc, glibc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
eglibc | — | Not in release | Not in release | Not in release | Not in release |
glibc | — | Not affected | Ignored | Ignored | Ignored |
CVE-2020-27618
Low prioritySome fixes available 3 of 5
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state,...
2 affected packages
eglibc, glibc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
eglibc | Not in release | Not in release | Not in release | Not in release | Not in release |
glibc | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2021-27645
Low prioritySome fixes available 1 of 2
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial...
2 affected packages
eglibc, glibc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
eglibc | Not in release | Not in release | Not in release | Not in release | Not in release |
glibc | Not affected | Not affected | Fixed | Not affected | Not affected |
CVE-2021-3326
Low prioritySome fixes available 3 of 5
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially...
2 affected packages
eglibc, glibc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
eglibc | Not in release | Not in release | Not in release | Not in release | Not in release |
glibc | Not affected | Not affected | Fixed | Fixed | Fixed |