CVE-2023-0687
https://notcve.org/view.php?id=CVE-2023-0687
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. • https://patchwork.sourceware.org/project/glibc/patch/20230204114138.5436-1-leo%40yuriev.ru https://sourceware.org/bugzilla/show_bug.cgi?id=29444 https://vuldb.com/?ctiid.220246 https://vuldb.com/?id.220246 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-3998
https://notcve.org/view.php?id=CVE-2021-3998
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. Se ha encontrado un fallo en glibc. La función realpath() puede devolver por error un valor no esperado, conllevando potencialmente a un filtrado de información y una divulgación de datos confidenciales. • https://access.redhat.com/security/cve/CVE-2021-3998 https://bugzilla.redhat.com/show_bug.cgi?id=2024633 https://security-tracker.debian.org/tracker/CVE-2021-3998 https://security.netapp.com/advisory/ntap-20221020-0003 https://sourceware.org/bugzilla/show_bug.cgi?id=28770 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb https://www.openwall.com/lists/oss-security/2022 • CWE-125: Out-of-bounds Read CWE-252: Unchecked Return Value •
CVE-2022-23218 – glibc: Stack-based buffer overflow in svcunix_create via long pathnames
https://notcve.org/view.php?id=CVE-2022-23218
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. La función de compatibilidad obsoleta svcunix_create en el módulo sunrpc de la Biblioteca C de GNU (también conocida como glibc) hasta la versión 2.34 copia su argumento de ruta en la pila sin comprobar su longitud, lo que puede resultar en un desbordamiento del búfer, resultando potencialmente en una denegación de servicio o (si una aplicación no está construida con un protector de pila habilitado) la ejecución de código arbitrario A stack based buffer-overflow vulnerability was found in the deprecated compatibility function svcunix_create() in the sunrpc's svc_unix.c module of the GNU C Library (aka glibc) through 2.34. This vulnerability copies its path argument onto the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) then it will lead to arbitrary code execution. • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://security.gentoo.org/glsa/202208-24 https://sourceware.org/bugzilla/show_bug.cgi?id=28768 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-23218 https://bugzilla.redhat.com/show_bug.cgi?id=2042013 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2022-23219 – glibc: Stack-based buffer overflow in sunrpc clnt_create via a long pathname
https://notcve.org/view.php?id=CVE-2022-23219
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. La función de compatibilidad obsoleta clnt_create en el módulo sunrpc de la Biblioteca C de GNU (también se conoce como glibc) versiones hasta 2.34, copia su argumento de nombre de host en la pila sin comprobar su longitud, que puede resultar en un desbordamiento de búfer, resultando potencialmente en una denegación de servicio o (si una aplicación no está construida con un protector de pila habilitado) la ejecución de código arbitrario A stack based buffer-overflow vulnerability was found in the deprecated compatibility function clnt_create() in the sunrpc's clnt_gen.c module of the GNU C Library (aka glibc) through 2.34. This vulnerability copies its hostname argument onto the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) lead to arbitrary code execution. • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://security.gentoo.org/glsa/202208-24 https://sourceware.org/bugzilla/show_bug.cgi?id=22542 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-23219 https://bugzilla.redhat.com/show_bug.cgi?id=2042017 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-43396
https://notcve.org/view.php?id=CVE-2021-43396
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug. ** EN DISPUTA ** En el archivo iconvdata/iso-2022-jp-3.c de la Biblioteca C de GNU (también conocida como glibc) 2.34, los atacantes remotos pueden forzar a iconv() a emitir un carácter espurio '\0' a través de datos ISO-2022-JP-3 manipulados que van acompañados de un reinicio de estado interno. Esto puede afectar a la integridad de los datos en ciertos casos de uso de iconv(). • https://blog.tuxcare.com/vulnerability/vulnerability-in-iconv-identified-by-tuxcare-team-cve-2021-43396 https://sourceware.org/bugzilla/show_bug.cgi?id=28524 https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ff012870b2c02a62598c04daa1e54632e020fd7d https://www.oracle.com/security-alerts/cpujul2022.html •