CVSS: 8.1EPSS: 4%CPEs: 4EXPL: 0CVE-2020-6096 – Ubuntu Security Notice USN-5310-1
https://notcve.org/view.php?id=CVE-2020-6096
01 Apr 2020 — An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementa... • https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-195: Signed to Unsigned Conversion Error CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 5.7EPSS: 0%CPEs: 16EXPL: 1CVE-2020-10029 – glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions
https://notcve.org/view.php?id=CVE-2020-10029
04 Mar 2020 — The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. La biblioteca GNU C (también se conoce como glibc o libc6) versiones anteriores a 2.32, podría desbordar un búfer sobre la pila durante una reducción de alcance si una entrada a una funci... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00033.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-19126 – glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries
https://notcve.org/view.php?id=CVE-2019-19126
19 Nov 2019 — On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. En la arquitectura de x86-64, la Biblioteca GNU C (también se conoce como glibc) versiones anteriores a 2.31 no omite la variable de entorno de LD_PREFER_MAP_32BIT_EXEC durante la ejecución ... • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html • CWE-20: Improper Input Validation CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4412
https://notcve.org/view.php?id=CVE-2013-4412
04 Nov 2019 — slim has NULL pointer dereference when using crypt() method from glibc 2.17 slim presenta una desreferencia del puntero NULL cuando es usado el método crypt() de glibc versión 2.17. • http://www.openwall.com/lists/oss-security/2013/10/09/6 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-7254
https://notcve.org/view.php?id=CVE-2006-7254
10 Apr 2019 — The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. El demonio nscd en la librería GNU C (glibc) anterior a la versión 2.5, no cierra los sockets de clientes entrantes si no pueden ser manejados por el demonio, lo que permite a los usuarios locales llevar a cabo un ataque de denegación de servicio en el demonio. • https://sourceware.org/bugzilla/show_bug.cgi?id=2498 • CWE-19: Data Processing Errors •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3590
https://notcve.org/view.php?id=CVE-2005-3590
10 Apr 2019 — The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory. La función getgrouplist en la librería GNU C (glibc) anterior a la versión 2.3.5, cuando se invoca con un argumento cero, escribe en el puntero pasado incluso si el tamaño de la matriz especificada es cero, lo que lleva a un desbordamiento del bú... • http://www.securityfocus.com/bid/107871 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9192
https://notcve.org/view.php?id=CVE-2019-9192
26 Feb 2019 — In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern ** EN DISPUTA ** EN GNU C Library (también conocido como glibc o libc6), hasta la versión 2.29, check_dst_limits_calc_pos_1 en posix/regexec.c tiene una recursión no controlad... • https://sourceware.org/bugzilla/show_bug.cgi?id=24269 • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 2CVE-2018-20796
https://notcve.org/view.php?id=CVE-2018-20796
26 Feb 2019 — In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. En la biblioteca GNU C (también conocida como glibc o libc6), hasta la versión 2.29, check_dst_limits_calc_pos_1 en posix/regexec.c tiene una recursión no controlada, tal y como queda demostrado con "(\227|)(\\1\\1|t1|\\\2537)+" en grep. • http://www.securityfocus.com/bid/107160 • CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 11%CPEs: 10EXPL: 2CVE-2019-9169 – glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read
https://notcve.org/view.php?id=CVE-2019-9169
26 Feb 2019 — In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. En la biblioteca GNU C (también conocida como glibc o libc6), hasta la versión 2.29, proceed_next_node en posix/regexec.c tiene una sobrelectura de búfer basada en memoria dinámica (heap) mediante un intento de coincidencia de expresiones regulares que no distinguen entre mayúsculas y minúsculas. Red Hat Advanced Cluster Ma... • http://www.securityfocus.com/bid/107160 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 4CVE-2009-5155 – Ubuntu Security Notice USN-4954-1
https://notcve.org/view.php?id=CVE-2009-5155
26 Feb 2019 — In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. En la biblioteca GNU C (también conocida como glibc o libc6), en versiones anteriores a la 2.28, parse_reg_exp en posix/regcomp.c analiza erróneamente las alternativas, lo que permite que los atacantes provoquen una denegación de serv... • http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272 • CWE-19: Data Processing Errors •