Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu glibc vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2017-17426
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cach...
Gnu Glibc 2.26
NA
CVE-2000-0959
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.
Gnu Glibc 2.1.3.10
7.8
CVSSv3
CVE-2017-1000408
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Gnu Glibc 2.1.1
1 EDB exploit
7
CVSSv3
CVE-2017-1000409
A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Gnu Glibc 2.5
1 EDB exploit
7.5
CVSSv3
CVE-2017-8804
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote malicious users to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not u...
Gnu Glibc 2.25
1 Github repository
7.5
CVSSv3
CVE-2016-3706
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote malicious users to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of...
Opensuse Opensuse 13.2
Gnu Glibc
3 Github repositories
1 Article
5.3
CVSSv3
CVE-2016-10739
In the GNU C Library (aka glibc or libc6) up to and including 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a ...
Gnu Glibc
Opensuse Leap 15.0
4 Github repositories
NA
CVE-2014-4043
The posix_spawn_file_actions_addopen function in glibc prior to 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent malicious users to trigger use-after-free vulnerabilities.
Gnu Glibc
Opensuse Opensuse 13.1
1 Github repository
NA
CVE-2002-0684
Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and previous versions, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnet...
Isc Bind 4.9.8
Gnu Glibc
7.8
CVSSv3
CVE-2023-6246
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program ...
Gnu Glibc
Fedoraproject Fedora 38
Fedoraproject Fedora 39
1 Github repository
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »