Uclibc-ng Project Uclibc-ng — known CVE vulnerabilities
Every CVE whose affected-product data names Uclibc-ng Project Uclibc-ng, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2022-29503 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread…
CVE-2021-43523 — CVSS 9.6 (critical): In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname…
CVE-2016-2225 — CVSS 7.5 (high): The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service…
CVE-2016-6264 — CVSS 7.5 (high): Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a…
CVE-2016-2224 — CVSS 7.5 (high): The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service…
CVE-2021-27419 — CVSS 7.3 (high): uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can…
CVE-2022-30295 — CVSS 6.5 (medium): uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is…