CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 1CVE-2021-33574 – glibc: mq_notify does not handle separately allocated thread attributes
https://notcve.org/view.php?id=CVE-2021-33574
25 May 2021 — The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. La función mq_notify de la Biblioteca C de GNU (también conocida como glibc) versiones 2.32 y 2.33 tiene un use-after-free. Puede utilizar el objeto de atributos del hilo de notificac... • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 1CVE-2020-27618 – glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop
https://notcve.org/view.php?id=CVE-2020-27618
26 Feb 2021 — The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. La función iconv en la biblioteca GNU C (también se conoce como glibc o libc6) versiones 2.32 y anteriores, cuando se procesa secuencias de entrada de ... • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 2.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27645 – glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c
https://notcve.org/view.php?id=CVE-2021-27645
24 Feb 2021 — The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. El demonio de almacenamiento en caché nameserver (nscd) en el GNU C Library (también se conoce como glibc o libc6) versiones 2.29 hasta 2.33, cuando se procesa una petición de búsqueda de netgroup, puede cometer un ... • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2021-3326 – glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters
https://notcve.org/view.php?id=CVE-2021-3326
27 Jan 2021 — The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. La función iconv en la biblioteca GNU C (también se conoce como glibc o libc6) versiones 2.32 y anteriores, cuando procesa secuencias de entrada no válidas en la codificación ISO-2022-JP-3, se produce un fallo una aserción en la ruta del código y aborta el... • http://www.openwall.com/lists/oss-security/2021/01/28/2 • CWE-617: Reachable Assertion •
CVSS: 7.1EPSS: 0%CPEs: 11EXPL: 0CVE-2019-25013 – glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding
https://notcve.org/view.php?id=CVE-2019-25013
04 Jan 2021 — The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. La funcionalidad iconv en la biblioteca GNU C (también se conoce como glibc o libc6) versiones hasta 2.32, cuando se procesan secuencias de entrada multibyte no válidas en la codificación EUC-KR, puede tener una lectura excesiva del búfer. A flaw was found in glibc. When processing input in the EUC-KR encoding, an invalid input sequ... • https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3Cjira.kafka.apache.org%3E • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-29573 – glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern
https://notcve.org/view.php?id=CVE-2020-29573
05 Dec 2020 — sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In ot... • https://security.gentoo.org/glsa/202101-20 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-29562 – Ubuntu Security Notice USN-5310-1
https://notcve.org/view.php?id=CVE-2020-29562
04 Dec 2020 — The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. La función iconv en la GNU C Library (también se conoce como glibc o libc6) versiones 2.30 hasta 2.32, al convertir texto UCS4 que contiene un carácter irreversible, se comete un fallo en una aserción en la ruta del código y aborta el programa, lo que potencialmente ... • https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E • CWE-617: Reachable Assertion •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-1999-0199
https://notcve.org/view.php?id=CVE-1999-0199
06 Oct 2020 — manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999. En el archivo manual/search.texi en la Biblioteca GNU C (también se conoce como glibc) versiones anteriores a 2.2, carece de una declaración sobre el valor de retorno tdelete no especificado al eliminar una raíz de u... • https://ftp.gnu.org/gnu/glibc/glibc-2.2.tar.gz • CWE-252: Unchecked Return Value •
CVSS: 7.0EPSS: 0%CPEs: 11EXPL: 0CVE-2020-1752 – glibc: use-after-free in glob() function when expanding ~user
https://notcve.org/view.php?id=CVE-2020-1752
30 Apr 2020 — A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32. Una vulnerabilidad de uso de la memoria previamente liberada introducida e... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2020-1751 – glibc: array overflow in backtrace functions for powerpc
https://notcve.org/view.php?id=CVE-2020-1751
17 Apr 2020 — An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability. Se encontró una vulnerabilidad de escritura fuera de límites en glibc versiones anteriores a 2.31, cuando se manejaban trampolines de señal en PowerPC. Concre... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751 • CWE-787: Out-of-bounds Write •