CVSS: 5.7EPSS: 0%CPEs: 16EXPL: 1CVE-2020-10029 – glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions
https://notcve.org/view.php?id=CVE-2020-10029
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. La biblioteca GNU C (también se conoce como glibc o libc6) versiones anteriores a 2.32, podría desbordar un búfer sobre la pila durante una reducción de alcance si una entrada a una función long double de 80 bits contiene un patrón de bits no canónico, como es visto cuando se pasa un valor 0x5d4141414141410000 hacia la función sinl sobre sistemas destino de x86. Esto está relacionado con el archivo sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. A flaw was found in glibc in versions prior to 2.32. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00033.html https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/23N76M3EDP2GIW4GOIQRYTKRE7PPBRB2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTFUD5VH2GU3YOXA2KBQSBIDZRDWNZ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU5JJGENOK7K4X5RYAA5PL647C6HD22E https://security.gentoo.org&#x • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-19126 – glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries
https://notcve.org/view.php?id=CVE-2019-19126
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. En la arquitectura de x86-64, la Biblioteca GNU C (también se conoce como glibc) versiones anteriores a 2.31 no omite la variable de entorno de LD_PREFER_MAP_32BIT_EXEC durante la ejecución del programa después de una transición de seguridad, permitiendo a atacantes locales restringir las posibles direcciones de mapeo para las bibliotecas cargadas y así omitir ASLR para un programa setuid A vulnerability was discovered in glibc where the LD_PREFER_MAP_32BIT_EXEC environment variable is not ignored when running binaries with the setuid flag on x86_64 architectures. This allows an attacker to force system to utilize only half of the memory (making the system think the software is 32-bit only), thus lowering the amount of memory being used with address space layout randomization (ASLR). The highest threat is confidentiality although the complexity of attack is high. The affected application must already have other vulnerabilities for this flaw to be usable. • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FQ5LC6JOYSOYFPRUZ4S45KL6IP3RPPZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH https://sourceware.org/bugzilla/show_bug.cgi?id=25204 https://usn.ubuntu.com/4416-1 https://access.redhat.com/security/cve/CVE-2019-19126 https://bugzilla.redhat.com/show_bug.cgi?id=1774681 • CWE-20: Improper Input Validation CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 4%CPEs: 4EXPL: 0CVE-2013-4412
https://notcve.org/view.php?id=CVE-2013-4412
slim has NULL pointer dereference when using crypt() method from glibc 2.17 slim presenta una desreferencia del puntero NULL cuando es usado el método crypt() de glibc versión 2.17. • http://www.openwall.com/lists/oss-security/2013/10/09/6 http://www.securityfocus.com/bid/62906 https://access.redhat.com/security/cve/cve-2013-4412 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4412 https://exchange.xforce.ibmcloud.com/vulnerabilities/89675 https://security-tracker.debian.org/tracker/CVE-2013-4412 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1010025
https://notcve.org/view.php?id=CVE-2019-1010025
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability. ** EN DISPUTA **La biblioteca Libc actual de GNU está afectada por: Omisión de Mitigación. El impacto es: el atacante puede adivinar las direcciones heap del subproceso (hilo) pthread_created. • https://security-tracker.debian.org/tracker/CVE-2019-1010025 https://sourceware.org/bugzilla/show_bug.cgi?id=22853 https://support.f5.com/csp/article/K06046097 https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS https://ubuntu.com/security/CVE-2019-1010025 • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2019-1010023
https://notcve.org/view.php?id=CVE-2019-1010023
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. ** EN DISPUTA ** La corriente de GNU Libc está afectada por: Re-asignación de la biblioteca cargada actual con un archivo ELF malicioso. • http://www.securityfocus.com/bid/109167 https://security-tracker.debian.org/tracker/CVE-2019-1010023 https://sourceware.org/bugzilla/show_bug.cgi?id=22851 https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS https://ubuntu.com/security/CVE-2019-1010023 •