Search CVE reports
11 – 20 of 164 results
Some fixes available 7 of 8
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree...
2 affected packages
glibc, eglibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| glibc | Fixed | Fixed | Fixed | Fixed | Fixed |
| eglibc | Not in release | Not in release | Not in release | — | — |
Some fixes available 7 of 8
Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack...
2 affected packages
eglibc, glibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| eglibc | Not in release | Not in release | Not in release | — | — |
| glibc | Fixed | Fixed | Fixed | Fixed | Fixed |
Some fixes available 4 of 5
Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap...
2 affected packages
eglibc, glibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| eglibc | — | Not in release | Not in release | — | — |
| glibc | — | Fixed | Fixed | Fixed | Not affected |
Some fixes available 6 of 7
The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects...
2 affected packages
eglibc, glibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| eglibc | Not in release | Not in release | Not in release | — | — |
| glibc | Not affected | Fixed | Fixed | Fixed | Fixed |
Some fixes available 1 of 2
The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile...
2 affected packages
glibc, eglibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| glibc | — | Not affected | Not affected | Not affected | Not affected |
| eglibc | — | Not in release | Not in release | — | — |
Some fixes available 2 of 3
The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile...
2 affected packages
glibc, eglibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| glibc | — | Fixed | Not affected | Not affected | Not affected |
| eglibc | — | Not in release | Not in release | — | — |
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen...
2 affected packages
glibc, eglibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| glibc | — | Not affected | Fixed | Fixed | Fixed |
| eglibc | — | Not in release | Not in release | Not in release | — |
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message...
2 affected packages
eglibc, glibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| eglibc | Not in release | Not in release | Not in release | Not in release | — |
| glibc | Fixed | Fixed | Fixed | Fixed | Fixed |
[powerpc: getrandom() returns EINVAL as retcode instead of errno]
2 affected packages
glibc, eglibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| glibc | — | Not affected | Not affected | Not affected | Not affected |
| eglibc | — | Not in release | Not in release | Not in release | — |
Some fixes available 6 of 7
nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was...
2 affected packages
glibc, eglibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| glibc | Not affected | Fixed | Fixed | Fixed | Fixed |
| eglibc | Not in release | Not in release | Not in release | Not in release | — |