glibc (SUSE:Linux Enterprise Server 12 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP3 package glibc, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (15)
CVE-2017-15804 — CVSS 9.8 (critical): The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user…
CVE-2018-6551 — CVSS 9.8 (critical): The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on…
CVE-2018-6485 — CVSS 9.8 (critical): An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and…
CVE-2018-11236 — CVSS 9.8 (critical): stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the…
CVE-2017-15670 — CVSS 9.8 (critical): The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob…
CVE-2017-18269 — CVSS 9.8 (critical): An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or…
CVE-2017-16997 — CVSS 7.8 (high): elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged…
CVE-2017-1000408 — CVSS 7.8 (high): A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please…
CVE-2018-1000001 — CVSS 7.8 (high): In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination…
CVE-2018-11237 — CVSS 7.8 (high): An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data…
CVE-2017-8804 — CVSS 7.5 (high): The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which…
CVE-2017-1000409 — CVSS 7.0 (high): A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable…
CVE-2017-12132 — CVSS 5.9 (medium): The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP…
CVE-2017-12133 — CVSS 5.9 (medium): Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows…
CVE-2017-15671 — CVSS 5.9 (medium): The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing…