CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-6238 – Buffer overread in ns_printrrf with corrupted RDATA field
https://notcve.org/view.php?id=CVE-2026-6238
28 Apr 2026 — The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since ve... • https://sourceware.org/bugzilla/show_bug.cgi?id=34069 • CWE-126: Buffer Over-read •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2026-5435 – Potential buffer overflow in ns_sprintrrf TSIG handling path
https://notcve.org/view.php?id=CVE-2026-5435
28 Apr 2026 — The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records. • https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-4046 – iconv crash due to assertion failure with untrusted input
https://notcve.org/view.php?id=CVE-2026-4046
30 Mar 2026 — The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them. La función iconv() en la Biblioteca C de GNU versiones 2.43 y anteriores puede colapsar debido a un fallo de aserción al convertir entradas de los conjunt... • https://sourceware.org/bugzilla/show_bug.cgi?id=33980 • CWE-617: Reachable Assertion •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2026-4438 – gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames
https://notcve.org/view.php?id=CVE-2026-4438
20 Mar 2026 — Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification. Llamar a gethostbyaddr o gethostbyaddr_r con un nsswitch.conf configurado que especifica el backend DNS de la biblioteca en la biblioteca GNU C versión 2.34 a la versión 2.43 podría resultar en que se devuelva un nombre de host DNS no válid... • https://sourceware.org/bugzilla/show_bug.cgi?id=34015 • CWE-20: Improper Input Validation CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-4437 – gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response
https://notcve.org/view.php?id=CVE-2026-4437
20 Mar 2026 — Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer. Llamar a gethostbyaddr o gethostbyaddr_r con un nsswitch.conf configurado que especifica el backend DNS de la biblioteca en la GNU C Library ... • https://sourceware.org/bugzilla/show_bug.cgi?id=34014 • CWE-125: Out-of-bounds Read •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2026-3904
https://notcve.org/view.php?id=CVE-2026-3904
11 Mar 2026 — Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread, potentially resulting in spurious cache misses, which in itself is not a security issue. However in the GNU C... • https://sourceware.org/bugzilla/show_bug.cgi?id=29863 • CWE-366: Race Condition within a Thread •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-15281 – wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory
https://notcve.org/view.php?id=CVE-2025-15281
20 Jan 2026 — Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process. Vitaly Simonovich discovered that the GNU C Library did not properly initialize the input when WRDE_REUSE is used. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service. Anastasia Belova discovered that the G... • https://sourceware.org/bugzilla/show_bug.cgi?id=33814 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2026-0915 – getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler
https://notcve.org/view.php?id=CVE-2026-0915
15 Jan 2026 — Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver. Vitaly Simonovich discovered that the GNU C Library did not properly initialize the input when WRDE_REUSE is used. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service. Anastasia Belova discov... • https://sourceware.org/bugzilla/show_bug.cgi?id=33802 • CWE-908: Use of Uninitialized Resource •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2026-0861 – Integer overflow in memalign leads to heap corruption
https://notcve.org/view.php?id=CVE-2026-0861
14 Jan 2026 — Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc, valloc, pvalloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the att... • https://sourceware.org/bugzilla/show_bug.cgi?id=33796 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-8058 – glibc: Double free in glibc
https://notcve.org/view.php?id=CVE-2025-8058
23 Jul 2025 — The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library. A double-free vulnerability has been discovered in glibc (GNU C Library). • https://sourceware.org/bugzilla/show_bug.cgi?id=33185 • CWE-415: Double Free •