CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2021-3998 – Ubuntu Security Notice USN-5310-1
https://notcve.org/view.php?id=CVE-2021-3998
02 Mar 2022 — A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. Se ha encontrado un fallo en glibc. La función realpath() puede devolver por error un valor no esperado, conllevando potencialmente a un filtrado de información y una divulgación de datos confidenciales. Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. • https://access.redhat.com/security/cve/CVE-2021-3998 • CWE-125: Out-of-bounds Read CWE-252: Unchecked Return Value •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-23218 – glibc: Stack-based buffer overflow in svcunix_create via long pathnames
https://notcve.org/view.php?id=CVE-2022-23218
14 Jan 2022 — The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. La función de compatibilidad obsoleta svcunix_create en el módulo sunrpc de la Biblioteca C de GNU (también conocida como glibc) hasta la versión ... • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 1CVE-2022-23219 – glibc: Stack-based buffer overflow in sunrpc clnt_create via a long pathname
https://notcve.org/view.php?id=CVE-2022-23219
14 Jan 2022 — The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. La función de compatibilidad obsoleta clnt_create en el módulo sunrpc de la Biblioteca C de GNU (también se conoce como glibc) versiones hasta 2.... • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2021-38604 – Gentoo Linux Security Advisory 202208-24
https://notcve.org/view.php?id=CVE-2021-38604
12 Aug 2021 — In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. En librt en la Biblioteca C de GNU (también se conoce como glibc) versiones hasta 2.34, el archivo sysdeps/unix/sysv/linux/mq_notify.c, maneja inapropiadamente determinados datos NOTIFY_REMOVED, conllevando una desreferencia de puntero NULL. NOTA: esta vuln... • https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 1CVE-2021-33574 – glibc: mq_notify does not handle separately allocated thread attributes
https://notcve.org/view.php?id=CVE-2021-33574
25 May 2021 — The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. La función mq_notify de la Biblioteca C de GNU (también conocida como glibc) versiones 2.32 y 2.33 tiene un use-after-free. Puede utilizar el objeto de atributos del hilo de notificac... • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html • CWE-416: Use After Free •
CVSS: 2.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27645 – glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c
https://notcve.org/view.php?id=CVE-2021-27645
24 Feb 2021 — The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. El demonio de almacenamiento en caché nameserver (nscd) en el GNU C Library (también se conoce como glibc o libc6) versiones 2.29 hasta 2.33, cuando se procesa una petición de búsqueda de netgroup, puede cometer un ... • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html • CWE-415: Double Free CWE-416: Use After Free •