Summary
Detail | |||
---|---|---|---|
Vendor | Gnu | First view | 2010-06-01 |
Product | Glibc | Last view | 2021-01-27 |
Version | 2.5.1 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Software Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:gnu:glibc |
Activity : Overall
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
7.5 | 2021-01-27 | CVE-2021-3326 | The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. |
5.9 | 2021-01-04 | CVE-2019-25013 | The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. |
7.5 | 2020-12-06 | CVE-2020-29573 | sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference. |
4.8 | 2020-12-04 | CVE-2020-29562 | The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. |
7 | 2020-04-30 | CVE-2020-1752 | A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32. |
7 | 2020-04-17 | CVE-2020-1751 | An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability. |
8.1 | 2020-04-01 | CVE-2020-6096 | An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data. |
5.5 | 2020-03-04 | CVE-2020-10029 | The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. |
3.3 | 2019-11-19 | CVE-2019-19126 | On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. |
7.5 | 2019-02-26 | CVE-2019-9192 | ** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern. |
9.8 | 2019-02-25 | CVE-2019-9169 | In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. |
7.5 | 2019-02-25 | CVE-2018-20796 | In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. |
7.5 | 2019-02-25 | CVE-2009-5155 | In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. |
5.5 | 2019-02-02 | CVE-2019-7309 | In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. |
5.3 | 2019-01-21 | CVE-2016-10739 | In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. |
7.8 | 2019-01-18 | CVE-2019-6488 | The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy. |
7.5 | 2018-12-04 | CVE-2018-19591 | In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function. |
7.8 | 2018-05-18 | CVE-2018-11237 | An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. |
9.8 | 2018-05-18 | CVE-2018-11236 | stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. |
9.8 | 2018-05-18 | CVE-2017-18269 | An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution. |
9.8 | 2018-02-02 | CVE-2018-6551 | The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. |
9.8 | 2018-02-01 | CVE-2018-6485 | An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. |
7.8 | 2018-01-31 | CVE-2018-1000001 | In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. |
9.8 | 2017-10-22 | CVE-2017-15804 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. |
5.9 | 2017-10-20 | CVE-2017-15671 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
24% (21) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
10% (9) | CWE-787 | Out-of-bounds Write |
10% (9) | CWE-189 | Numeric Errors |
8% (7) | CWE-20 | Improper Input Validation |
5% (5) | CWE-190 | Integer Overflow or Wraparound |
4% (4) | CWE-399 | Resource Management Errors |
4% (4) | CWE-264 | Permissions, Privileges, and Access Controls |
3% (3) | CWE-125 | Out-of-bounds Read |
3% (3) | CWE-17 | Code |
2% (2) | CWE-674 | Uncontrolled Recursion |
2% (2) | CWE-617 | Reachable Assertion |
2% (2) | CWE-416 | Use After Free |
2% (2) | CWE-200 | Information Exposure |
2% (2) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
2% (2) | CWE-19 | Data Handling |
1% (1) | CWE-772 | Missing Release of Resource after Effective Lifetime |
1% (1) | CWE-770 | Allocation of Resources Without Limits or Throttling |
1% (1) | CWE-476 | NULL Pointer Dereference |
1% (1) | CWE-404 | Improper Resource Shutdown or Release |
1% (1) | CWE-284 | Access Control (Authorization) Issues |
1% (1) | CWE-254 | Security Features |
1% (1) | CWE-191 | Integer Underflow (Wrap or Wraparound) |
1% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
1% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
1% (1) | CWE-16 | Configuration |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
78316 | GNU C Library (glibc) Multiple Function EMFILE Error Handling Remote DoS |
77508 | GNU C Library time/tzfile.c __tzfile_read() Function Timezone File Handling R... |
75261 | GNU C Library ld.so $ORIGIN Dynamic String Token RPATH Local Privilege Escala... |
74883 | GNU C Library addmntent Function mtab Write RLIMIT_FSIZE Value Handling Local... |
73407 | GNU C Library locale/programs/locale.c Output Quoting Localization Environmen... |
72796 | GNU C Library fnmatch() Function UTF8 String Handling Stack Corruption |
72100 | GNU C Library posix/fnmatch.c fnmatch() Function Overflow DoS |
68920 | GNU C Library Dynamic Linker LD_AUDIT non-setuid Library Loading Issue |
68721 | GNU C Library Dynamic Linker $ORIGIN Substitution Expansion Weakness Local Pr... |
68630 | GNU C Library Run-time Memory Protection Mechanisms Incorrect Program Executi... |
65080 | GNU C Library strfmon Implementation Crafted Format String Overflow DoS |
65079 | GNU C Library stdlib/strfmon_l.c __vstrfmon_l Function Format String Overflow... |
65078 | GNU C Library misc/mntent_r.c encode_name Macro Crafted Mount Request Local DoS |
65077 | GNU C Library ld.so elf/dynamic-link.h elf_get_dynamic_info Crafted ELF Progr... |
ExploitDB Exploits
id | Description |
---|---|
34421 | glibc Off-by-One NUL Byte gconv_translit_find Exploit |
20167 | eGlibc Signedness Code Execution Vulnerability |
18105 | glibc LD_AUDIT arbitrary DSO load Privilege Escalation |
15304 | GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability |
15274 | GNU C library dynamic linker $ORIGIN expansion Vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2012-12-27 | Name : VMSA-2012-0018: VMware security updates for vCSA and ESXi File : nvt/gb_VMSA-2012-0018.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2012-041-03 glibc File : nvt/esoft_slk_ssa_2012_041_03.nasl |
2012-08-31 | Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries. File : nvt/gb_VMSA-2012-0013.nasl |
2012-08-03 | Name : Mandriva Update for ncpfs MDVSA-2012:084 (ncpfs) File : nvt/gb_mandriva_MDVSA_2012_084.nasl |
2012-08-03 | Name : Mandriva Update for util-linux MDVSA-2012:083 (util-linux) File : nvt/gb_mandriva_MDVSA_2012_083.nasl |
2012-08-02 | Name : SuSE Update for glibc openSUSE-SU-2012:0064-1 (glibc) File : nvt/gb_suse_2012_0064_1.nasl |
2012-07-30 | Name : CentOS Update for glibc CESA-2011:0412 centos5 x86_64 File : nvt/gb_CESA-2011_0412_glibc_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for glibc CESA-2012:0058 centos6 File : nvt/gb_CESA-2012_0058_glibc_centos6.nasl |
2012-07-30 | Name : CentOS Update for glibc CESA-2012:0125 centos4 File : nvt/gb_CESA-2012_0125_glibc_centos4.nasl |
2012-07-30 | Name : CentOS Update for glibc CESA-2012:0126 centos5 File : nvt/gb_CESA-2012_0126_glibc_centos5.nasl |
2012-07-09 | Name : RedHat Update for glibc RHSA-2012:0058-01 File : nvt/gb_RHSA-2012_0058-01_glibc.nasl |
2012-07-09 | Name : RedHat Update for glibc RHSA-2011:1526-03 File : nvt/gb_RHSA-2011_1526-03_glibc.nasl |
2012-06-06 | Name : RedHat Update for glibc RHSA-2011:0413-01 File : nvt/gb_RHSA-2011_0413-01_glibc.nasl |
2012-03-16 | Name : VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX... File : nvt/gb_VMSA-2011-0012.nasl |
2012-03-12 | Name : Ubuntu Update for eglibc USN-1396-1 File : nvt/gb_ubuntu_USN_1396_1.nasl |
2012-02-21 | Name : RedHat Update for glibc RHSA-2012:0125-01 File : nvt/gb_RHSA-2012_0125-01_glibc.nasl |
2012-02-21 | Name : RedHat Update for glibc RHSA-2012:0126-01 File : nvt/gb_RHSA-2012_0126-01_glibc.nasl |
2012-01-20 | Name : Fedora Update for glibc FEDORA-2012-0018 File : nvt/gb_fedora_2012_0018_glibc_fc15.nasl |
2011-11-28 | Name : Mandriva Update for glibc MDVSA-2011:178 (glibc) File : nvt/gb_mandriva_MDVSA_2011_178.nasl |
2011-10-14 | Name : Mandriva Update for samba MDVSA-2011:148 (samba) File : nvt/gb_mandriva_MDVSA_2011_148.nasl |
2011-08-09 | Name : CentOS Update for glibc CESA-2011:0412 centos5 i386 File : nvt/gb_CESA-2011_0412_glibc_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for glibc CESA-2010:0793 centos5 i386 File : nvt/gb_CESA-2010_0793_glibc_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for glibc CESA-2010:0787 centos5 i386 File : nvt/gb_CESA-2010_0787_glibc_centos5_i386.nasl |
2011-04-06 | Name : RedHat Update for glibc RHSA-2011:0412-01 File : nvt/gb_RHSA-2011_0412-01_glibc.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201011-01 (glibc) File : nvt/glsa_201011_01.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-B-0083 | Multiple Vulnerabilities in IBM Storwize V7000 Unified Severity: Category I - VMSKEY: V0060983 |
2015-A-0038 | Multiple Vulnerabilities in GNU C Library (glibc) Severity: Category I - VMSKEY: V0058753 |
2015-B-0007 | Multiple Vulnerabilities in Juniper Secure Analytics (JSA) and Security Threa... Severity: Category I - VMSKEY: V0058213 |
2014-B-0126 | Multiple Vulnerabilities in VMware ESXi 5.5 Severity: Category I - VMSKEY: V0054325 |
2012-A-0153 | Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity: Category I - VMSKEY: V0033884 |
2012-A-0148 | Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity: Category I - VMSKEY: V0033794 |
2011-A-0147 | Multiple Vulnerabilities in VMware ESX and ESXi Severity: Category I - VMSKEY: V0030545 |
2011-A-0108 | Multiple Vulnerabilities in VMware ESX Service Console Severity: Category I - VMSKEY: V0029562 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-09-27 | WordPress pingback gethostbyname heap buffer overflow attempt RuleID : 39925 - Type : SERVER-WEBAPP - Revision : 2 |
2015-03-04 | WordPress pingback gethostbyname heap buffer overflow attempt RuleID : 33275 - Type : SERVER-WEBAPP - Revision : 2 |
2015-03-04 | Exim gethostbyname heap buffer overflow attempt RuleID : 33226 - Type : SERVER-MAIL - Revision : 3 |
2015-03-04 | Exim gethostbyname heap buffer overflow attempt RuleID : 33225 - Type : SERVER-MAIL - Revision : 4 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-10 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2019-1140.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-060302dc83.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-916dfe0d86.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-f6b7df660d.nasl - Type: ACT_GATHER_INFO |
2018-12-20 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-1131.nasl - Type: ACT_GATHER_INFO |
2018-12-18 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL06493172.nasl - Type: ACT_GATHER_INFO |
2018-12-18 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL16365.nasl - Type: ACT_GATHER_INFO |
2018-12-17 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL29241247.nasl - Type: ACT_GATHER_INFO |
2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1109.nasl - Type: ACT_GATHER_INFO |
2018-11-16 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-3092.nasl - Type: ACT_GATHER_INFO |
2018-10-26 | Name: The remote EulerOS Virtualization host is missing a security update. File: EulerOS_SA-2018-1332.nasl - Type: ACT_GATHER_INFO |
2018-10-26 | Name: The remote EulerOS Virtualization host is missing multiple security updates. File: EulerOS_SA-2018-1344.nasl - Type: ACT_GATHER_INFO |
2018-09-27 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1289.nasl - Type: ACT_GATHER_INFO |
2018-09-18 | Name: The remote EulerOS Virtualization host is missing a security update. File: EulerOS_SA-2018-1239.nasl - Type: ACT_GATHER_INFO |
2018-09-18 | Name: The remote EulerOS Virtualization host is missing a security update. File: EulerOS_SA-2018-1272.nasl - Type: ACT_GATHER_INFO |
2018-09-10 | Name: The remote Fedora host is missing a security update. File: fedora_2018-c1ef35a4f9.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0013.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0022.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0023.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0040.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0041.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0048.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0052.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0111.nasl - Type: ACT_GATHER_INFO |