CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 2CVE-2011-2702 – eGlibc - Signedness Code Execution
https://notcve.org/view.php?id=CVE-2011-2702
27 Oct 2014 — Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function. Error de signo de enteros en Glibc anterior a 2.13 y eglibc anterior a 2.13, cuando utiliza l... • https://www.exploit-db.com/exploits/20167 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 3CVE-2013-4357 – Ubuntu Security Notice USN-2306-1
https://notcve.org/view.php?id=CVE-2013-4357
04 Aug 2014 — The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. El paquete eglibc versiones anteriores a la versión 2.14, manejó incorrectamente la función getaddrinfo(). Un atacante podría usar este problema para causar una denegación de servicio. USN-2306-1 fixed vulnerabilities in the GNU C Library. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •