Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Glibc
(Gnu)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 144 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2011-01-13 | CVE-2010-4052 | Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD. | Glibc | N/A | ||
| 2010-01-14 | CVE-2010-0015 | nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. | Glibc | N/A | ||
| 2019-04-10 | CVE-2006-7254 | The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. | Glibc | 5.5 | ||
| 2019-04-10 | CVE-2005-3590 | The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory. | Glibc | 9.8 | ||
| 2004-12-31 | CVE-2004-1453 | GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program. | Glibc | N/A | ||
| 2004-12-31 | CVE-2004-1382 | The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. | Glibc | N/A | ||
| 2005-02-09 | CVE-2004-0968 | The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files. | Glibc, Enterprise_linux, Enterprise_linux_desktop | N/A | ||
| 2003-12-15 | CVE-2003-0859 | The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | Glibc, Zebra, Ia64, Quagga_routing_software_suite, Enterprise_linux, Linux_advanced_workstation, Propack | N/A | ||
| 2002-11-12 | CVE-2002-1265 | The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang). | Mac_os_x, Mac_os_x_server, Glibc, Irix | N/A | ||
| 2002-10-11 | CVE-2002-1146 | The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). | Glibc | N/A |