National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:gnu:glibc:1.09.1
There are 75 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2015-5180

res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).

Published: June 27, 2017; 04:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-1000366

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

Published: June 19, 2017; 12:29:00 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2014-9984

nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.

Published: June 12, 2017; 09:29:00 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2015-8984

The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.

Published: March 20, 2017; 12:59:01 PM -04:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM
CVE-2015-8983

Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.

Published: March 20, 2017; 12:59:01 PM -04:00
V3: 8.1 HIGH
V2: 6.8 MEDIUM
CVE-2015-8982

Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

Published: March 15, 2017; 03:59:00 PM -04:00
V3: 8.1 HIGH
V2: 6.8 MEDIUM
CVE-2016-10228

The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.

Published: March 01, 2017; 08:59:00 PM -05:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-5417

Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures.

Published: February 16, 2017; 09:59:13 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-6323

The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.

Published: October 07, 2016; 10:59:06 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-3075

Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

Published: June 01, 2016; 04:59:03 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-1234

Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.

Published: June 01, 2016; 04:59:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2015-8779

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

Published: April 19, 2016; 05:59:05 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2015-8778

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

Published: April 19, 2016; 05:59:04 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2015-8776

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

Published: April 19, 2016; 05:59:04 PM -04:00
V3: 9.1 CRITICAL
V2: 6.4 MEDIUM
CVE-2014-9761

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

Published: April 19, 2016; 05:59:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-2856

pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.

Published: March 13, 2016; 09:59:04 PM -04:00
V3: 8.4 HIGH
V2: 7.2 HIGH
CVE-2015-8777

The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.

Published: January 20, 2016; 12:59:01 AM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2015-5277

The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.

Published: December 17, 2015; 02:59:02 PM -05:00
V2: 7.2 HIGH
CVE-2015-1781

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.

Published: September 28, 2015; 04:59:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2013-7424

The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.

Published: August 26, 2015; 03:59:00 PM -04:00
V2: 5.1 MEDIUM