Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Glibc
(Gnu)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 144 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-01-20 | CVE-2015-8777 | The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. | Glibc | 5.5 | ||
| 2016-04-19 | CVE-2015-8776 | The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. | Ubuntu_linux, Debian_linux, Fedora, Glibc, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Suse_linux_enterprise_server | 9.1 | ||
| 2014-07-29 | CVE-2014-0475 | Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable. | Glibc | N/A | ||
| 2013-10-04 | CVE-2013-4788 | The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. | Eglibc, Glibc | N/A | ||
| 2013-10-09 | CVE-2013-2207 | pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. | Fedora, Glibc | N/A | ||
| 2013-02-08 | CVE-2013-0242 | Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. | Glibc | N/A | ||
| 2013-10-09 | CVE-2012-4424 | Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. | Glibc | N/A | ||
| 2014-02-10 | CVE-2012-3406 | The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different... | Ubuntu_linux, Glibc, Enterprise_linux, Enterprise_virtualization | N/A | ||
| 2014-02-10 | CVE-2012-3405 | The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404. | Ubuntu_linux, Glibc, Enterprise_linux, Enterprise_virtualization | N/A | ||
| 2014-02-10 | CVE-2012-3404 | The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers. | Ubuntu_linux, Glibc, Enterprise_linux, Enterprise_virtualization | N/A |