CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-6238 – Buffer overread in ns_printrrf with corrupted RDATA field
https://notcve.org/view.php?id=CVE-2026-6238
28 Apr 2026 — The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since ve... • https://sourceware.org/bugzilla/show_bug.cgi?id=34069 • CWE-126: Buffer Over-read •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2026-5435 – Potential buffer overflow in ns_sprintrrf TSIG handling path
https://notcve.org/view.php?id=CVE-2026-5435
28 Apr 2026 — The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records. • https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2026-5450 – scanf %mc off-by-one heap buffer overflow
https://notcve.org/view.php?id=CVE-2026-5450
20 Apr 2026 — Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow. • https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2026-5928 – Potential buffer under-read in ungetwc
https://notcve.org/view.php?id=CVE-2026-5928
20 Apr 2026 — Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash. A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate ... • https://sourceware.org/bugzilla/show_bug.cgi?id=33998 • CWE-127: Buffer Under-read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-4046 – iconv crash due to assertion failure with untrusted input
https://notcve.org/view.php?id=CVE-2026-4046
30 Mar 2026 — The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them. La función iconv() en la Biblioteca C de GNU versiones 2.43 y anteriores puede colapsar debido a un fallo de aserción al convertir entradas de los conjunt... • https://sourceware.org/bugzilla/show_bug.cgi?id=33980 • CWE-617: Reachable Assertion •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2026-4438 – gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames
https://notcve.org/view.php?id=CVE-2026-4438
20 Mar 2026 — Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification. Llamar a gethostbyaddr o gethostbyaddr_r con un nsswitch.conf configurado que especifica el backend DNS de la biblioteca en la biblioteca GNU C versión 2.34 a la versión 2.43 podría resultar en que se devuelva un nombre de host DNS no válid... • https://sourceware.org/bugzilla/show_bug.cgi?id=34015 • CWE-20: Improper Input Validation CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-4437 – gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response
https://notcve.org/view.php?id=CVE-2026-4437
20 Mar 2026 — Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer. Llamar a gethostbyaddr o gethostbyaddr_r con un nsswitch.conf configurado que especifica el backend DNS de la biblioteca en la GNU C Library ... • https://sourceware.org/bugzilla/show_bug.cgi?id=34014 • CWE-125: Out-of-bounds Read •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2026-3904
https://notcve.org/view.php?id=CVE-2026-3904
11 Mar 2026 — Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread, potentially resulting in spurious cache misses, which in itself is not a security issue. However in the GNU C... • https://sourceware.org/bugzilla/show_bug.cgi?id=29863 • CWE-366: Race Condition within a Thread •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-15281 – wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory
https://notcve.org/view.php?id=CVE-2025-15281
20 Jan 2026 — Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process. Vitaly Simonovich discovered that the GNU C Library did not properly initialize the input when WRDE_REUSE is used. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service. Anastasia Belova discovered that the G... • https://sourceware.org/bugzilla/show_bug.cgi?id=33814 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2026-0915 – getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler
https://notcve.org/view.php?id=CVE-2026-0915
15 Jan 2026 — Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver. Vitaly Simonovich discovered that the GNU C Library did not properly initialize the input when WRDE_REUSE is used. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service. Anastasia Belova discov... • https://sourceware.org/bugzilla/show_bug.cgi?id=33802 • CWE-908: Use of Uninitialized Resource •