CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1473 – glibc: Stack-overflow in glibc swscanf
https://notcve.org/view.php?id=CVE-2015-1473
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. El macro ADDW en stdio-common/vfscanf.c en la libraría GNU C (también conocida como glibc o libc6) anterior a 2.21 no considera correctamente el tamaño de tipos de datos durante una decisión de la gestión de riesgos para utilizar en la función alloca, lo que podría permitir atacantes dependientes de contexto causar una denegación de servicio (violación de segmentación) o sobrescribir localizaciones de memoria más allá del límite de la pila a través de una línea larga que contiene caracateres anchas que se manejen incorrectamente en una llamada wscanf. A stack overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. • http://openwall.com/lists/oss-security/2015/02/04/1 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/72499 http://www.ubuntu.com/usn/USN-2519-1 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06 https://access.redhat.com/security/cve/CVE-2015-1473 https://bugzilla.redhat.com/show_bug.cgi?id=1209105 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 5.1EPSS: 1%CPEs: 1EXPL: 0CVE-2013-7424 – glibc: Invalid-free when using getaddrinfo()
https://notcve.org/view.php?id=CVE-2013-7424
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. Vulnerabilidad en la función getaddrinfo en glibc en versiones anteriores a 2.15, cuando es compilado con libidn y es utilizado el indicador AI_IDN, permite a atacantes dependientes de contexto provocar una denegación de servicio (liberación de memoria no válida) y posiblemente ejecutar código arbitrario a través de vectores no especificados, según lo demostrado en un nombre de dominio internacionalizado para ping6. An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support. • http://rhn.redhat.com/errata/RHSA-2015-1627.html http://www.openwall.com/lists/oss-security/2015/01/29/21 http://www.securityfocus.com/bid/72710 https://bugzilla.redhat.com/show_bug.cgi?id=1186614 https://bugzilla.redhat.com/show_bug.cgi?id=981942 https://sourceware.org/bugzilla/show_bug.cgi?id=18011 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=2e96f1c7 https://access.redhat.com/security/cve/CVE-2013-7424 • CWE-17: DEPRECATED: Code •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 1CVE-2012-6656
https://notcve.org/view.php?id=CVE-2012-6656
iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. iconvdata/ibm930.c en GNU C Library (también conocido como glibc) anterior a 2.16 permite a atacantes dependientes de contexto causar una denegación de servicio (lectura fuera de rango) a través de un valor de caracteres de multibytes de '0xffff' en la función iconv cuando convierte datos codificados de IBM930 a UTF-8. • http://www.debian.org/security/2015/dsa-3142 http://www.mandriva.com/security/advisories?name=MDVSA-2014:175 http://www.openwall.com/lists/oss-security/2014/08/29/3 http://www.openwall.com/lists/oss-security/2014/09/02/1 http://www.securityfocus.com/bid/69472 http://www.ubuntu.com/usn/USN-2432-1 https://security.gentoo.org/glsa/201503-04 https://sourceware.org/bugzilla/show_bug.cgi?id=14134 https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=6e230d1183 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 1%CPEs: 29EXPL: 2CVE-2014-6040 – glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)
https://notcve.org/view.php?id=CVE-2014-6040
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. GNU C Library (también conocido como glibc) anterior a 2.20 permite a atacantes dependientes de contexto causar una denegación de servicio (lectura fuera de rango y caída) a través de un valor de caracteres de multibytes de '0xffff' en la función iconv cuando convierte datos codificados de (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, o (5) IBM1364 a UTF-8. An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. • http://linux.oracle.com/errata/ELSA-2015-0016.html http://secunia.com/advisories/62100 http://secunia.com/advisories/62146 http://ubuntu.com/usn/usn-2432-1 http://www.debian.org/security/2015/dsa-3142 http://www.mandriva.com/security/advisories?name=MDVSA-2014:175 http://www.openwall.com/lists/oss-security/2014/08/29/3 http://www.openwall.com/lists/oss-security/2014/09/02/1 http://www.securityfocus.com/bid/69472 https://security.gentoo.org/glsa/201602-02& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2014-5119 – glibc - NUL Byte gconv_translit_find Off-by-One
https://notcve.org/view.php?id=CVE-2014-5119
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. Error de superación de límite (off-by-one) en la función __gconv_translit_find en gconv_trans.c en GNU C Library (también conocido como glibc) permite a atacantes dependientes de contexto causar una denegación de servicio (caída) o ejecutar código arbitrario a través de vectores relacionados con la variable del entorno CHARSET y los módulos de transliteración gconv. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. • https://www.exploit-db.com/exploits/34421 http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html http://linux.oracle.com/errata/ELSA-2015-0092.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html http://rhn.redhat.com/errata/RHSA-2014-1118.html http://seclists.org/fulldisclosure/2014/Aug/69 http://secunia.com/advisories/60345 http://secunia.com/advisories/60358 http://secunia.com/advisories/60441 http://secunia.com/advi • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •