CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-5450 – scanf %mc off-by-one heap buffer overflow
https://notcve.org/view.php?id=CVE-2026-5450
20 Apr 2026 — Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow. • https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-5928 – Potential buffer under-read in ungetwc
https://notcve.org/view.php?id=CVE-2026-5928
20 Apr 2026 — Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash. A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate ... • https://sourceware.org/bugzilla/show_bug.cgi?id=33998 • CWE-127: Buffer Under-read •
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-4046 – iconv crash due to assertion failure with untrusted input
https://notcve.org/view.php?id=CVE-2026-4046
30 Mar 2026 — The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them. • https://sourceware.org/bugzilla/show_bug.cgi?id=33980 • CWE-617: Reachable Assertion •
CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-4438 – gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames
https://notcve.org/view.php?id=CVE-2026-4438
20 Mar 2026 — Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification. • https://sourceware.org/bugzilla/show_bug.cgi?id=34015 • CWE-20: Improper Input Validation CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-4437 – gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response
https://notcve.org/view.php?id=CVE-2026-4437
20 Mar 2026 — Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer. • https://sourceware.org/bugzilla/show_bug.cgi?id=34014 • CWE-125: Out-of-bounds Read •
CVSS: 6.2 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-3904
https://notcve.org/view.php?id=CVE-2026-3904
11 Mar 2026 — Calling NSS-backed functions that support caching via nscd may invoke the nscd client-side code; in the GNU C Library version 2.36, under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread, potentially resulting in spurious cache misses, which in itself is not a security issue. However in the GNU C... • https://sourceware.org/bugzilla/show_bug.cgi?id=29863 • CWE-366: Race Condition within a Thread •
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-15281 – wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory
https://notcve.org/view.php?id=CVE-2025-15281
20 Jan 2026 — Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process. Vitaly Simonovich discovered that the GNU C Library did not properly initialize the input when WRDE_REUSE is used. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service. Anastasia Belova discovered that the G... • https://sourceware.org/bugzilla/show_bug.cgi?id=33814 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-0915 – getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resolver
https://notcve.org/view.php?id=CVE-2026-0915
15 Jan 2026 — Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver. Vitaly Simonovich discovered that the GNU C Library did not properly initialize the input when WRDE_REUSE is used. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service. Anastasia Belova discov... • https://sourceware.org/bugzilla/show_bug.cgi?id=33802 • CWE-908: Use of Uninitialized Resource •
CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-0861 – Integer overflow in memalign leads to heap corruption
https://notcve.org/view.php?id=CVE-2026-0861
14 Jan 2026 — Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc, valloc, pvalloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the att... • https://sourceware.org/bugzilla/show_bug.cgi?id=33796 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-8058 – glibc: Double free in glibc
https://notcve.org/view.php?id=CVE-2025-8058
23 Jul 2025 — The regcomp function in the GNU C Library versions 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending on how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C Library. A double-free vulnerability has been discovered in glibc (GNU C Library). • https://sourceware.org/bugzilla/show_bug.cgi?id=33185 • CWE-415: Double Free •
