VulnerableCode Package Details - pkg:deb/debian/glibc@2.31-13

Search for packages

Package details: pkg:deb/debian/glibc@2.31-13

Essentials
History (31)

purl	pkg:deb/debian/glibc@2.31-13

Next non-vulnerable version	2.36-8
Latest non-vulnerable version	2.41-9
Risk	10.0

Vulnerabilities affecting this package (12)

Vulnerability	Summary	Fixed by
VCID-16q3-v9ba-aaar Aliases: CVE-2021-43396	DISPUTED In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug."	2.31-13+deb11u3 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-3g4r-ex56-aaaa Aliases: CVE-2021-33574	The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.	2.31-13+deb11u3 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-49m9-v222-aaae Aliases: CVE-2024-2961	The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.	2.31-13+deb11u11 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-4ps4-wrmd-aaaj Aliases: CVE-2021-3999	A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.	2.31-13+deb11u5 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-cvwe-heq6-sqcr Aliases: CVE-2025-0395	glibc: buffer overflow in the GNU C Library's assert()	2.36-8 Affected by 0 other vulnerabilities.
VCID-mbyf-7tfq-aaad Aliases: CVE-2024-33600	glibc: null pointer dereferences after failed netgroup cache insertion	2.31-13+deb11u11 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-sysh-eg5e-aaak Aliases: CVE-2023-4911	A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.	2.31-13+deb11u11 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vqwk-tqf1-aaac Aliases: CVE-2022-23218	The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.	2.31-13+deb11u3 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vv4f-b7e1-aaak Aliases: CVE-2024-33602	glibc: netgroup cache assumes NSS callback uses in-buffer strings	2.31-13+deb11u11 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vv6m-c181-aaaj Aliases: CVE-2024-33601	glibc: netgroup cache may terminate daemon on memory allocation failure	2.31-13+deb11u11 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-wjry-nwm2-aaaf Aliases: CVE-2022-23219	The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.	2.31-13+deb11u3 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zvjp-1njs-aaah Aliases: CVE-2024-33599	glibc: stack-based buffer overflow in netgroup cache	2.31-13+deb11u11 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-duwt-xt4y-aaaj	The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.	CVE-2021-35942

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T06:24:57.351087+00:00	Debian Oval Importer	Fixing	VCID-duwt-xt4y-aaaj	None	36.1.3
2025-06-21T04:52:57.633601+00:00	Debian Oval Importer	Affected by	VCID-wjry-nwm2-aaaf	None	36.1.3
2025-06-21T03:56:32.528142+00:00	Debian Oval Importer	Affected by	VCID-16q3-v9ba-aaar	None	36.1.3
2025-06-21T03:09:18.789620+00:00	Debian Oval Importer	Affected by	VCID-4ps4-wrmd-aaaj	None	36.1.3
2025-06-21T02:11:19.592576+00:00	Debian Oval Importer	Affected by	VCID-vqwk-tqf1-aaac	None	36.1.3
2025-06-21T01:43:18.011586+00:00	Debian Oval Importer	Affected by	VCID-3g4r-ex56-aaaa	None	36.1.3
2025-06-08T00:04:11.162163+00:00	Debian Oval Importer	Fixing	VCID-duwt-xt4y-aaaj	None	36.1.0
2025-06-07T22:30:15.011698+00:00	Debian Oval Importer	Affected by	VCID-wjry-nwm2-aaaf	None	36.1.0
2025-06-07T21:31:48.345445+00:00	Debian Oval Importer	Affected by	VCID-16q3-v9ba-aaar	None	36.1.0
2025-06-07T20:42:08.886574+00:00	Debian Oval Importer	Affected by	VCID-4ps4-wrmd-aaaj	None	36.1.0
2025-06-07T19:35:05.138168+00:00	Debian Oval Importer	Affected by	VCID-vqwk-tqf1-aaac	None	36.1.0
2025-06-07T19:06:28.992484+00:00	Debian Oval Importer	Affected by	VCID-3g4r-ex56-aaaa	None	36.1.0
2025-05-06T18:45:14.370627+00:00	Debian Oval Importer	Affected by	VCID-cvwe-heq6-sqcr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T23:42:49.638184+00:00	Debian Oval Importer	Affected by	VCID-mbyf-7tfq-aaad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T23:42:46.745197+00:00	Debian Oval Importer	Affected by	VCID-zvjp-1njs-aaah	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T23:42:42.707856+00:00	Debian Oval Importer	Affected by	VCID-vv6m-c181-aaaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T23:42:40.313096+00:00	Debian Oval Importer	Affected by	VCID-vv4f-b7e1-aaak	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T23:33:04.636568+00:00	Debian Oval Importer	Affected by	VCID-49m9-v222-aaae	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T22:23:15.590242+00:00	Debian Oval Importer	Affected by	VCID-wjry-nwm2-aaaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T21:56:11.926898+00:00	Debian Oval Importer	Affected by	VCID-4ps4-wrmd-aaaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T21:51:00.204152+00:00	Debian Oval Importer	Affected by	VCID-sysh-eg5e-aaak	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T20:49:22.205540+00:00	Debian Oval Importer	Affected by	VCID-vqwk-tqf1-aaac	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T20:06:02.095194+00:00	Debian Oval Importer	Affected by	VCID-16q3-v9ba-aaar	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T19:46:32.539456+00:00	Debian Oval Importer	Affected by	VCID-3g4r-ex56-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T19:07:34.298061+00:00	Debian Oval Importer	Fixing	VCID-duwt-xt4y-aaaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-07T22:36:26.732744+00:00	Debian Oval Importer	Fixing	VCID-duwt-xt4y-aaaj	None	36.0.0
2025-04-07T21:01:48.704750+00:00	Debian Oval Importer	Affected by	VCID-wjry-nwm2-aaaf	None	36.0.0
2025-04-07T20:00:53.706690+00:00	Debian Oval Importer	Affected by	VCID-16q3-v9ba-aaar	None	36.0.0
2025-04-07T19:12:37.482746+00:00	Debian Oval Importer	Affected by	VCID-4ps4-wrmd-aaaj	None	36.0.0
2025-04-07T18:12:47.519521+00:00	Debian Oval Importer	Affected by	VCID-vqwk-tqf1-aaac	None	36.0.0
2025-04-07T17:44:20.296053+00:00	Debian Oval Importer	Affected by	VCID-3g4r-ex56-aaaa	None	36.0.0