CVSS: 9.8EPSS: 3%CPEs: 29EXPL: 1CVE-2013-4458 – glibc: Stack (frame) overflow in getaddrinfo() when called with AF_INET6
https://notcve.org/view.php?id=CVE-2013-4458
25 Nov 2013 — Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914. Desbordamiento de búfer basado en pila en la función getaddrinfo en sysdeps/posix/getaddrinfo.c de GNU C Library (también conocido com... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.1EPSS: 0%CPEs: 28EXPL: 0CVE-2013-2207 – Mandriva Linux Security Advisory 2013-283
https://notcve.org/view.php?id=CVE-2013-2207
09 Oct 2013 — pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. pt_chown en GNU C Library (también conocida como glibc o libc6) anterior a la versión 2.18 no comprueba adecuadamente los permisos para archivos tty, lo que permite a usuarios locales cambiar el permiso en los archivos y obtener acceso a pseudo-terminals ar... • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 27EXPL: 0CVE-2013-4237 – glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters
https://notcve.org/view.php?id=CVE-2013-4237
09 Oct 2013 — sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. sysdeps/posix/readdir_r.c en GNU C Library (también conocido como glibc o libc6) 2.18 y anteriores permite a atacantes dependientes del contexto provocar una denegación de servicio (escritura fuera de límites y cuelgue) o posiblemente ejecutar código arb... • http://secunia.com/advisories/55113 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 4%CPEs: 26EXPL: 3CVE-2012-4412 – GNU glibc - 'strcoll()' Routine Integer Overflow
https://notcve.org/view.php?id=CVE-2012-4412
09 Oct 2013 — Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Desbordamiento de enteros en string/strcoll_l.c en GNU C Library (también conocida como glibc o libc6) 2.17 y anteriores versiones permite a atacantes dependientes del contexto provocar una denegación del servicio (cuelgue) o posiblemente ejec... • https://packetstorm.news/files/id/153278 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 26EXPL: 1CVE-2012-4424 – Mandriva Linux Security Advisory 2013-284
https://notcve.org/view.php?id=CVE-2012-4424
09 Oct 2013 — Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. Desbordamiento de búfer basada en la pila en string/strcoll_l.c en GNU C Library (aka glibc o libc6) 2.17 y anteriores que permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) o ... • http://sourceware.org/bugzilla/show_bug.cgi?id=14547 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 2CVE-2013-4332 – glibc: three integer overflows in memory allocator
https://notcve.org/view.php?id=CVE-2013-4332
19 Sep 2013 — Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. Múltiples desbordamientos de enteros en malloc/malloc.c de GNU C Library (también conocida como glibc o libc6) 2.18 y anteriores versiones permite a atacantes dependientes del contexto provocar una denegación d... • http://rhn.redhat.com/errata/RHSA-2013-1411.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 1%CPEs: 33EXPL: 1CVE-2013-4122 – Ubuntu Security Notice USN-1988-1
https://notcve.org/view.php?id=CVE-2013-4122
02 Sep 2013 — Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference. SASL de Cyrus, 2.1.23, 2.1.26 y anteriores no trabaja correctamente cuando un valor NULL se devuelve a un error de... • http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 3%CPEs: 28EXPL: 4CVE-2013-4788 – glibc and eglibc 2.5/2.7/2.13 - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-4788
16 Jul 2013 — The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. La implementación PTR_MANGLE en la GNU C Library (librería también conocida como glibc o libc6) 2.4, 2.17 y... • https://packetstorm.news/files/id/122413 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 3CVE-2012-0864 – glibc: FORTIFY_SOURCE format string protection bypass via "nargs" integer overflow
https://notcve.org/view.php?id=CVE-2012-0864
02 May 2013 — Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. Desbordamiento de enteros en la función vfprint en stdio-common/vfprint.c en glibc v2.14 y otras versiones que permite a isiarios dependientes del contexto eludir el mecanismo de protección FORTIFY_SOURCE, llevar a cabo ataques de... • http://rhn.redhat.com/errata/RHSA-2012-0393.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2011-4609 – glibc: svc_run() produces high cpu usage when accept() fails with EMFILE error
https://notcve.org/view.php?id=CVE-2011-4609
02 May 2013 — The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. La función svc_run en la implementación RPC en glibc anterior a v2.15 que permite a atacantes remotos causar una denegación de servicios (consumo de CPU) a través de una gran número de conexiones RPC. • https://bugzilla.redhat.com/show_bug.cgi?id=767299 • CWE-399: Resource Management Errors •