📦 Glibc
by GNU
🔍 What is Glibc?
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2023-25139 is a buffer overflow vulnerability in glibc's sprintf function that occurs when formatting numbers with thousands separators and padding. This allows attackers to write beyond allocated...
A buffer overflow vulnerability in glibc's sunrpc module allows attackers to execute arbitrary code or cause denial of service. This affects applications using the deprecated svcunix_create function o...
This vulnerability in glibc's wordexp function allows attackers to cause denial of service or potentially read arbitrary memory when processing malicious input. It affects any application using glibc'...
This CVE describes a use-after-free vulnerability in the GNU C Library (glibc) mq_notify function affecting versions 2.32 and 2.33. Attackers could exploit this to cause denial of service (application...
This CVE describes a documentation issue in glibc's tdelete function where the return value behavior when deleting a tree's root was unspecified. This could lead developers to write code that accesses...
A memory corruption vulnerability in GNU C Library's wordexp function when using WRDE_REUSE with WRDE_APPEND flags can return uninitialized memory. This may cause process crashes during subsequent wor...
This vulnerability in GNU C Library (glibc) allows stack memory contents to be leaked to DNS resolvers when getnetbyaddr functions query for a zero-valued network with DNS backend configured. It affec...
An integer overflow vulnerability in GNU C Library's memalign functions (memalign, posix_memalign, aligned_alloc) can lead to heap corruption when both size and alignment parameters are attacker-contr...
This vulnerability in GNU C Library (glibc) versions 2.27 to 2.38 allows attackers to load malicious shared libraries via the LD_LIBRARY_PATH environment variable in statically compiled setuid binarie...
A stack-based buffer overflow vulnerability in nscd (Name Service Cache Daemon) allows attackers to execute arbitrary code or crash the service when netgroup cache is exhausted. This affects systems r...
A memory allocation failure in nscd's netgroup cache can cause the daemon to terminate, resulting in denial of service for clients relying on name service caching. This affects systems running glibc 2...
A heap-based buffer overflow in glibc's syslog functions allows attackers to crash applications or potentially escalate privileges locally. This affects programs using syslog/vsyslog without proper op...
CVE-2023-4911 is a buffer overflow vulnerability in the GNU C Library's dynamic loader (ld.so) that allows local attackers to exploit SUID binaries. By crafting malicious GLIBC_TUNABLES environment va...
CVE-2023-5156 is a memory leak vulnerability in the GNU C Library (glibc) introduced by a previous fix for CVE-2023-4806. This flaw can cause applications to crash due to memory exhaustion, affecting ...
A Power10-specific optimization bug in GNU C Library's strncmp function corrupts non-volatile vector registers, potentially altering program control flow or leaking sensitive string data. This affects...
This vulnerability in GNU C Library's Power10-optimized strcmp function corrupts non-volatile vector registers, potentially altering program control flow or leaking sensitive string data. It affects s...