
CVE-2014-6040 – glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)
https://notcve.org/view.php?id=CVE-2014-6040
08 Sep 2014 — GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. GNU C Library (también conocido como glibc) anterior a 2.20 permite a atacantes dependientes de contexto causar una denegación de servicio (lectura fuera de rango y caída) a través de un valor de caracteres de m... • http://linux.oracle.com/errata/ELSA-2015-0016.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2014-5119 – glibc - NUL Byte gconv_translit_find Off-by-One
https://notcve.org/view.php?id=CVE-2014-5119
26 Aug 2014 — Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. Error de superación de límite (off-by-one) en la función __gconv_translit_find en gconv_trans.c en GNU C Library (también conocido como glibc) permite a atacantes dependientes de contexto causar una denegación de servicio ... • https://packetstorm.news/files/id/128002 • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •

CVE-2014-4043 – Mandriva Linux Security Advisory 2014-152
https://notcve.org/view.php?id=CVE-2014-4043
04 Aug 2014 — The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. La función posix_spawn_file_actions_addopen en glibc anterior a 2.20 no copia su argumento de ruta de acuerdo con la especificación POSIX, lo que permite a atacantes dependientes de contexto provocar vulnerabilidades de uso después de liberación. USN-2306-1 fixed vulnerabilities in th... • https://packetstorm.news/files/id/154361 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2014-0475 – glibc: directory traversal in LC_* locale handling
https://notcve.org/view.php?id=CVE-2014-0475
11 Jul 2014 — Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable. Múltiples vulnerabilidades de salto de directorio en GNU C Library (también conocido como glibc or libc6) anterior a 2.20 permiten a atacantes dependientes de contexto evadir las restricciones ForceCommand y posiblemente t... • http://linux.oracle.com/errata/ELSA-2015-0092.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2012-3404 – glibc: incorrect size calculation in formatted printing can lead to FORTIFY_SOURCE format string protection bypass
https://notcve.org/view.php?id=CVE-2012-3404
10 Feb 2014 — The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers. La función vfprintf en stdio-common/vfprintf.c en libc en GNU C Library (también conocido como glibc) 2.12 y otra... • http://rhn.redhat.com/errata/RHSA-2012-1098.html • CWE-189: Numeric Errors •

CVE-2012-3405 – glibc: incorrect use of extend_alloca() in formatted printing can lead to FORTIFY_SOURCE format string protection bypass
https://notcve.org/view.php?id=CVE-2012-3405
10 Feb 2014 — The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404. La función vfprin... • http://rhn.redhat.com/errata/RHSA-2012-1098.html • CWE-189: Numeric Errors •

CVE-2012-3406 – glibc: printf() unbound alloca() usage in case of positional parameters + many format specs
https://notcve.org/view.php?id=CVE-2012-3406
10 Feb 2014 — The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability t... • http://rhn.redhat.com/errata/RHSA-2012-1097.html • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2013-4458 – glibc: Stack (frame) overflow in getaddrinfo() when called with AF_INET6
https://notcve.org/view.php?id=CVE-2013-4458
25 Nov 2013 — Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914. Desbordamiento de búfer basado en pila en la función getaddrinfo en sysdeps/posix/getaddrinfo.c de GNU C Library (también conocido com... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVE-2012-4412 – GNU glibc - 'strcoll()' Routine Integer Overflow
https://notcve.org/view.php?id=CVE-2012-4412
09 Oct 2013 — Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Desbordamiento de enteros en string/strcoll_l.c en GNU C Library (también conocida como glibc o libc6) 2.17 y anteriores versiones permite a atacantes dependientes del contexto provocar una denegación del servicio (cuelgue) o posiblemente ejec... • https://packetstorm.news/files/id/153278 • CWE-189: Numeric Errors •

CVE-2012-4424 – Mandriva Linux Security Advisory 2013-284
https://notcve.org/view.php?id=CVE-2012-4424
09 Oct 2013 — Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. Desbordamiento de búfer basada en la pila en string/strcoll_l.c en GNU C Library (aka glibc o libc6) 2.17 y anteriores que permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) o ... • http://sourceware.org/bugzilla/show_bug.cgi?id=14547 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •