glibc (SUSE:Linux Enterprise Server for SAP Applications 12 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server for SAP Applications 12 SP3 package glibc, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (24)
CVE-2022-23219 — CVSS 9.8 (critical): The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname…
CVE-2017-15670 — CVSS 9.8 (critical): The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob…
CVE-2017-15804 — CVSS 9.8 (critical): The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user…
CVE-2017-18269 — CVSS 9.8 (critical): An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or…
CVE-2018-11236 — CVSS 9.8 (critical): stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the…
CVE-2018-6485 — CVSS 9.8 (critical): An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and…
CVE-2018-6551 — CVSS 9.8 (critical): The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on…
CVE-2019-9169 — CVSS 9.8 (critical): In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an…
CVE-2021-33574 — CVSS 9.8 (critical): The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread…
CVE-2022-23218 — CVSS 9.8 (critical): The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path…
CVE-2021-35942 — CVSS 9.1 (critical): The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c)…
CVE-2021-3999 — CVSS 7.8 (high): A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the…
CVE-2017-16997 — CVSS 7.8 (high): elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged…
CVE-2018-11237 — CVSS 7.8 (high): An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data…
CVE-2017-1000408 — CVSS 7.8 (high): A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please…
CVE-2018-1000001 — CVSS 7.8 (high): In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination…
CVE-2017-8804 — CVSS 7.5 (high): The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which…
CVE-2009-5155 — CVSS 7.5 (high): In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to…
CVE-2017-1000409 — CVSS 7.0 (high): A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable…
CVE-2020-1752 — CVSS 7.0 (high): A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out…
CVE-2017-12132 — CVSS 5.9 (medium): The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP…
CVE-2017-12133 — CVSS 5.9 (medium): Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows…
CVE-2017-15671 — CVSS 5.9 (medium): The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing…
CVE-2020-10029 — CVSS 5.5 (medium): The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long…