CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 4CVE-2024-2961 – glibc: Out of bounds write in iconv may lead to remote code execution
https://notcve.org/view.php?id=CVE-2024-2961
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. La función iconv() en las versiones 2.39 y anteriores de la librería GNU C puede desbordar el búfer de salida que se le pasa hasta en 4 bytes al convertir cadenas al juego de caracteres ISO-2022-CN-EXT, lo que puede usarse para bloquear una aplicación. o sobrescribir una variable vecina. An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. • https://github.com/rvizx/CVE-2024-2961 https://github.com/tnishiox/cve-2024-2961 https://github.com/absolutedesignltd/iconvfix https://github.com/mattaperkins/FIX-CVE-2024-2961 http://www.openwall.com/lists/oss-security/2024/04/17/9 http://www.openwall.com/lists/oss-security/2024/04/18/4 http://www.openwall.com/lists/oss-security/2024/04/24/2 http://www.openwall.com/lists/oss-security/2024/05/27/1 http://www.openwall.com/lists/oss-security/2024/05/2 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 1CVE-2023-4527 – Glibc: stack read overflow in getaddrinfo in no-aaaa mode
https://notcve.org/view.php?id=CVE-2023-4527
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. Se encontró una falla en glibc. Cuando se llama a la función getaddrinfo con la familia de direcciones AF_UNSPEC y el sistema está configurado con el modo no-aaaa a través de /etc/resolv.conf, una respuesta DNS a través de TCP de más de 2048 bytes puede potencialmente revelar el contenido de la pila de memoria a través de los datos de la dirección devuelta por la función, y puede provocar un crash. • http://www.openwall.com/lists/oss-security/2023/09/25/1 https://access.redhat.com/errata/RHSA-2023:5453 https://access.redhat.com/errata/RHSA-2023:5455 https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA https: • CWE-121: Stack-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 23EXPL: 0CVE-2023-4813 – Glibc: potential use-after-free in gaih_inet()
https://notcve.org/view.php?id=CVE-2023-4813
A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. Se encontró una falla en glibc. En una situación poco común, la función gaih_inet puede utilizar memoria que se ha liberado, lo que provoca un bloqueo de la aplicación. • http://www.openwall.com/lists/oss-security/2023/10/03/8 https://access.redhat.com/errata/RHSA-2023:5453 https://access.redhat.com/errata/RHSA-2023:5455 https://access.redhat.com/errata/RHSA-2023:7409 https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://security.netapp.com/advisory/ntap-20231110-0003 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-20109
https://notcve.org/view.php?id=CVE-2015-20109
end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue. • https://security.netapp.com/advisory/ntap-20230731-0009 https://sourceware.org/bugzilla/show_bug.cgi?id=18036 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0687
https://notcve.org/view.php?id=CVE-2023-0687
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. • https://patchwork.sourceware.org/project/glibc/patch/20230204114138.5436-1-leo%40yuriev.ru https://sourceware.org/bugzilla/show_bug.cgi?id=29444 https://vuldb.com/?ctiid.220246 https://vuldb.com/?id.220246 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •