Every CVE whose affected-product data names Gnu Glibc, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (163)
CVE-2015-0235 — CVSS 10.0 (critical): Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows…
CVE-2026-5450 — CVSS 9.8 (critical): Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format…
CVE-2014-9984 — CVSS 9.8 (critical): nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when…
CVE-2019-1010022 — CVSS 9.8 (critical): GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The…
CVE-2018-6551 — CVSS 9.8 (critical): The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on…
CVE-2018-6485 — CVSS 9.8 (critical): An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and…
CVE-1999-0199 — CVSS 9.8 (critical): manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion…
CVE-2018-11236 — CVSS 9.8 (critical): stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the…
CVE-2017-18269 — CVSS 9.8 (critical): An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or…
CVE-2017-15804 — CVSS 9.8 (critical): The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user…
CVE-2017-15670 — CVSS 9.8 (critical): The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob…
CVE-2015-8779 — CVSS 9.8 (critical): Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent…
CVE-2015-8778 — CVSS 9.8 (critical): Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service…
CVE-2014-9761 — CVSS 9.8 (critical): Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a…
CVE-2023-25139 — CVSS 9.8 (critical): sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This…
CVE-2022-23219 — CVSS 9.8 (critical): The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname…
CVE-2022-23218 — CVSS 9.8 (critical): The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path…
CVE-2021-33574 — CVSS 9.8 (critical): The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread…
CVE-2005-3590 — CVSS 9.8 (critical): The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed…
CVE-2019-9169 — CVSS 9.8 (critical): In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an…
CVE-2021-35942 — CVSS 9.1 (critical): The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c)…
CVE-2015-8776 — CVSS 9.1 (critical): The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service…
CVE-2023-6246 — CVSS 8.4 (high): A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and…
CVE-2026-0861 — CVSS 8.4 (high): Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version…
CVE-2023-6779 — CVSS 8.2 (high): An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the…
CVE-2024-33599 — CVSS 8.1 (high): nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client…
CVE-2015-7547 — CVSS 8.1 (high): Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc…
CVE-2017-17426 — CVSS 8.1 (high): The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to…
CVE-2015-8983 — CVSS 8.1 (high): Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows…
CVE-2020-6096 — CVSS 8.1 (high): An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on…
CVE-2015-8982 — CVSS 8.1 (high): Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause…
CVE-2018-11237 — CVSS 7.8 (high): An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data…
CVE-2014-9402 — CVSS 7.8 (high): The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch…
CVE-2017-1000366 — CVSS 7.8 (high): glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias…
CVE-2017-1000408 — CVSS 7.8 (high): A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please…
CVE-2017-16997 — CVSS 7.8 (high): elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged…
CVE-2018-1000001 — CVSS 7.8 (high): In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination…
CVE-2019-6488 — CVSS 7.8 (high): The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to…
CVE-2021-3999 — CVSS 7.8 (high): A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the…
CVE-2025-4802 — CVSS 7.8 (high): Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading…
CVE-2010-0015 — CVSS 7.5 (high): nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the…
CVE-2012-4412 — CVSS 7.5 (high): Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to…
CVE-2022-39046 — CVSS 7.5 (high): An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024…
CVE-2003-0028 — CVSS 7.5 (high): Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived…
CVE-2015-1472 — CVSS 7.5 (high): The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size…
CVE-2021-43396 — CVSS 7.5 (high): In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character…
CVE-2015-5180 — CVSS 7.5 (high): res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process…
CVE-2000-0335 — CVSS 7.5 (high): The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.
CVE-2021-3998 — CVSS 7.5 (high): A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage…
CVE-2021-38604 — CVSS 7.5 (high): In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading…
CVE-2021-3326 — CVSS 7.5 (high): The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3…
CVE-2020-29573 — CVSS 7.5 (high): sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input…
CVE-2019-9192 — CVSS 7.5 (high): In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as…
CVE-2016-1234 — CVSS 7.5 (high): Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows…
CVE-2016-3075 — CVSS 7.5 (high): Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows…
CVE-2016-3706 — CVSS 7.5 (high): Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows…
CVE-2016-5417 — CVSS 7.5 (high): Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before…
CVE-2016-6323 — CVSS 7.5 (high): The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on…
CVE-2018-20796 — CVSS 7.5 (high): In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as…
CVE-2026-4046 — CVSS 7.5 (high): The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the…
CVE-2018-19591 — CVSS 7.5 (high): In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation…
CVE-2009-5155 — CVSS 7.5 (high): In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to…
CVE-2017-8804 — CVSS 7.5 (high): The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which…
CVE-2026-4437 — CVSS 7.5 (high): Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library…
CVE-2025-15281 — CVSS 7.5 (high): Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to…
CVE-2002-0684 — CVSS 7.5 (high): Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc…
CVE-2014-4043 — CVSS 7.5 (high): The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX…
CVE-2014-5119 — CVSS 7.5 (high): Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to…
CVE-2023-5156 — CVSS 7.5 (high): A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an…
CVE-2026-5928 — CVSS 7.5 (high): Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and…
CVE-2026-0915 — CVSS 7.5 (high): Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries…
CVE-2024-33602 — CVSS 7.4 (high): nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory…
CVE-2026-5435 — CVSS 7.3 (high): The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the…
CVE-2024-2961 — CVSS 7.3 (high): The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when…
CVE-2024-33601 — CVSS 7.3 (high): nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc…
CVE-2010-0296 — CVSS 7.2 (high): The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs…
CVE-2000-0824 — CVSS 7.2 (high): The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program…
CVE-2015-5277 — CVSS 7.2 (high): The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might…
CVE-2010-3856 — CVSS 7.2 (high): ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT…
CVE-2017-1000409 — CVSS 7.0 (high): A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable…
CVE-2020-1752 — CVSS 7.0 (high): A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out…
CVE-2009-5064 — CVSS 6.9 (medium): ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file…
CVE-2010-3847 — CVSS 6.9 (medium): elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a…
CVE-2011-0536 — CVSS 6.9 (medium): Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6)…
CVE-2013-4237 — CVSS 6.8 (medium): sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial…
CVE-2012-0864 — CVSS 6.8 (medium): Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to…
CVE-2009-5029 — CVSS 6.8 (medium): Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash)…
CVE-2012-3406 — CVSS 6.8 (medium): The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly…
CVE-2011-2702 — CVSS 6.8 (medium): Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3)…
CVE-2015-1781 — CVSS 6.8 (medium): Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows…
CVE-2014-0475 — CVSS 6.8 (medium): Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass…
CVE-2026-6238 — CVSS 6.5 (medium): The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the…
CVE-2023-4527 — CVSS 6.5 (medium): A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with…
CVE-2015-1473 — CVSS 6.4 (medium): The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size…
CVE-2026-3904 — CVSS 6.2 (medium): Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under…
CVE-2011-1095 — CVSS 6.2 (medium): locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local…
CVE-2011-5320 — CVSS 6.2 (medium): scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of…
CVE-2017-15671 — CVSS 5.9 (medium): The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing…
CVE-2016-10228 — CVSS 5.9 (medium): The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination…
CVE-2019-25013 — CVSS 5.9 (medium): The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR…
CVE-2017-12133 — CVSS 5.9 (medium): Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows…
CVE-2017-12132 — CVSS 5.9 (medium): The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP…
CVE-2024-33600 — CVSS 5.9 (medium): nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup…
CVE-2016-4429 — CVSS 5.9 (medium): Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote…
CVE-2023-4813 — CVSS 5.9 (medium): A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an…
CVE-2023-4806 — CVSS 5.9 (medium): A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed…
CVE-2015-8984 — CVSS 5.9 (medium): The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of…
CVE-2015-8985 — CVSS 5.9 (medium): The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service…
CVE-2025-5745 — CVSS 5.6 (medium): The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20…
CVE-2025-5702 — CVSS 5.6 (medium): The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to…
CVE-2006-7254 — CVSS 5.5 (medium): The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the…
CVE-2019-7309 — CVSS 5.5 (medium): In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero…
CVE-2020-10029 — CVSS 5.5 (medium): The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long…
CVE-2020-27618 — CVSS 5.5 (medium): The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in…
CVE-2015-8777 — CVSS 5.5 (medium): The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a…
CVE-2015-20109 — CVSS 5.5 (medium): end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to…
CVE-2026-4438 — CVSS 5.4 (medium): Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library…
CVE-2019-1010023 — CVSS 5.4 (medium): GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may…
CVE-2023-6780 — CVSS 5.3 (medium): An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog…
CVE-2019-1010024 — CVSS 5.3 (medium): GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The…
CVE-2016-10739 — CVSS 5.3 (medium): In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4…
CVE-2019-1010025 — CVSS 5.3 (medium): GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The…
CVE-2012-4424 — CVSS 5.1 (medium): Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent…
CVE-2010-0830 — CVSS 5.1 (medium): Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6)…
CVE-2011-1071 — CVSS 5.1 (medium): The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary…
CVE-2013-7424 — CVSS 5.1 (medium): The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to…
CVE-2013-4788 — CVSS 5.1 (medium): The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not…
CVE-2020-1751 — CVSS 5.1 (medium): An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the…
CVE-2012-6656 — CVSS 5.0 (medium): iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds…
CVE-2012-3404 — CVSS 5.0 (medium): The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a…
CVE-2010-4051 — CVSS 5.0 (medium): The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent…
CVE-2010-4052 — CVSS 5.0 (medium): Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through…
CVE-2012-3405 — CVSS 5.0 (medium): The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a…
CVE-2002-1265 — CVSS 5.0 (medium): The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections…
CVE-2014-8121 — CVSS 5.0 (medium): DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not…
CVE-2009-4880 — CVSS 5.0 (medium): Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow…
CVE-2009-4881 — CVSS 5.0 (medium): Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6)…
CVE-2014-6040 — CVSS 5.0 (medium): GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a…
CVE-2002-1146 — CVSS 5.0 (medium): The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the…
CVE-2013-7423 — CVSS 5.0 (medium): The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which…
CVE-2013-4458 — CVSS 5.0 (medium): Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and…
CVE-2010-3192 — CVSS 5.0 (medium): Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which…
CVE-2013-1914 — CVSS 5.0 (medium): Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and…
CVE-2011-1659 — CVSS 5.0 (medium): Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause…
CVE-2013-0242 — CVSS 5.0 (medium): Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier…
CVE-2011-4609 — CVSS 5.0 (medium): The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption)…
CVE-2003-0859 — CVSS 4.9 (medium): The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages…
CVE-2020-29562 — CVSS 4.8 (medium): The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character…
CVE-2012-3480 — CVSS 4.6 (medium): Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in…
CVE-2023-0687 — CVSS 4.6 (medium): A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of…
CVE-2014-7817 — CVSS 4.6 (medium): The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to…
CVE-2013-4332 — CVSS 4.3 (medium): Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers…
CVE-2010-4756 — CVSS 4.0 (medium): The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and…
CVE-2011-1658 — CVSS 3.7 (low): ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely…
CVE-2019-19126 — CVSS 3.3 (low): On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable…
CVE-2011-1089 — CVSS 3.3 (low): The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to…
CVE-2013-2207 — CVSS 2.6 (low): pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to…
CVE-2021-27645 — CVSS 2.5 (low): The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup…
CVE-2004-0968 — CVSS 2.1 (low): The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
CVE-2004-1453 — CVSS 2.1 (low): GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a…
CVE-2004-1382 — CVSS 2.1 (low): The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a…
CVE-2000-0959 — CVSS 1.2 (low): glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program…