CVSS: 9.8EPSS: 1%CPEs: 27EXPL: 0CVE-2013-4237 – glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters
https://notcve.org/view.php?id=CVE-2013-4237
09 Oct 2013 — sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. sysdeps/posix/readdir_r.c en GNU C Library (también conocido como glibc o libc6) 2.18 y anteriores permite a atacantes dependientes del contexto provocar una denegación de servicio (escritura fuera de límites y cuelgue) o posiblemente ejecutar código arb... • http://secunia.com/advisories/55113 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 28EXPL: 2CVE-2013-4332 – glibc: three integer overflows in memory allocator
https://notcve.org/view.php?id=CVE-2013-4332
19 Sep 2013 — Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. Múltiples desbordamientos de enteros en malloc/malloc.c de GNU C Library (también conocida como glibc o libc6) 2.18 y anteriores versiones permite a atacantes dependientes del contexto provocar una denegación d... • http://rhn.redhat.com/errata/RHSA-2013-1411.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 2%CPEs: 33EXPL: 1CVE-2013-4122 – Ubuntu Security Notice USN-1988-1
https://notcve.org/view.php?id=CVE-2013-4122
02 Sep 2013 — Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference. SASL de Cyrus, 2.1.23, 2.1.26 y anteriores no trabaja correctamente cuando un valor NULL se devuelve a un error de... • http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 8%CPEs: 28EXPL: 4CVE-2013-4788 – glibc and eglibc 2.5/2.7/2.13 - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-4788
16 Jul 2013 — The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. La implementación PTR_MANGLE en la GNU C Library (librería también conocida como glibc o libc6) 2.4, 2.17 y... • https://packetstorm.news/files/id/122413 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 15EXPL: 3CVE-2009-5029 – GNU glibc - Timezone Parsing Remote Integer Overflow
https://notcve.org/view.php?id=CVE-2009-5029
02 May 2013 — Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd. Desbordamiento de entero en la función __tzfile_read en glibc anterior a v2.15 que permite a atacantes dependientes del contexto causar una denegación de servicios (caída) y posiblemente ejecutar código arbitrario a través de un fichero timezone (TZ), como se demostró usa... • https://www.exploit-db.com/exploits/36404 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2011-4609 – glibc: svc_run() produces high cpu usage when accept() fails with EMFILE error
https://notcve.org/view.php?id=CVE-2011-4609
02 May 2013 — The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. La función svc_run en la implementación RPC en glibc anterior a v2.15 que permite a atacantes remotos causar una denegación de servicios (consumo de CPU) a través de una gran número de conexiones RPC. • https://bugzilla.redhat.com/show_bug.cgi?id=767299 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 3CVE-2012-0864 – glibc: FORTIFY_SOURCE format string protection bypass via "nargs" integer overflow
https://notcve.org/view.php?id=CVE-2012-0864
02 May 2013 — Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. Desbordamiento de enteros en la función vfprint en stdio-common/vfprint.c en glibc v2.14 y otras versiones que permite a isiarios dependientes del contexto eludir el mecanismo de protección FORTIFY_SOURCE, llevar a cabo ataques de... • http://rhn.redhat.com/errata/RHSA-2012-0393.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 3%CPEs: 36EXPL: 1CVE-2013-1914 – glibc: Stack (frame) overflow in getaddrinfo() when processing entry mapping to long list of address structures
https://notcve.org/view.php?id=CVE-2013-1914
29 Apr 2013 — Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. Desbordamiento de búfer basado en pila en la función getaddrinfo en sysdeps/posix/getaddrinfo.c en GNU C Library (tambien conocido como glibc o libc6) v2.17 y anteriores permite a atacantes remotos provocar una de... • https://packetstorm.news/files/id/164014 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2012-3480 – GNU glibc - Multiple Local Stack Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-3480
25 Aug 2012 — Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. Múltiples desbordamientos de entero en (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, y otras "funciones relacionadas" no especificadas en stdlib en GNU C Libra... • https://www.exploit-db.com/exploits/37631 • CWE-121: Stack-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 9.1EPSS: 0%CPEs: 58EXPL: 0CVE-2011-1089 – glibc: Suid mount helpers fail to anticipate RLIMIT_FSIZE
https://notcve.org/view.php?id=CVE-2011-1089
10 Apr 2011 — The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. La función addmntent en la biblioteca C de GNU (también conocida como glibc o libc6) v2.13 y anteriores no informa de un estado de error de intentos fal... • http://openwall.com/lists/oss-security/2011/03/04/10 • CWE-16: Configuration •