VulnerableCode Package Details - pkg:alpm/archlinux/glibc@2.34-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-16q3-v9ba-aaar	DISPUTED In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug."	CVE-2021-43396
VCID-3g4r-ex56-aaaa	The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.	CVE-2021-33574
VCID-4ps4-wrmd-aaaj	A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.	CVE-2021-3999
VCID-8dn8-f7r5-aaaa	The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.	CVE-2021-27645
VCID-duwt-xt4y-aaaj	The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.	CVE-2021-35942
VCID-n5ry-gsbb-aaaq	A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.	CVE-2021-3998

Vulnerability

Summary

Aliases

VCID-16q3-v9ba-aaar

** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug."

CVE-2021-43396

VCID-3g4r-ex56-aaaa

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

CVE-2021-33574

VCID-4ps4-wrmd-aaaj

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

CVE-2021-3999

VCID-8dn8-f7r5-aaaa

The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.

CVE-2021-27645

VCID-duwt-xt4y-aaaj

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.

CVE-2021-35942

VCID-n5ry-gsbb-aaaq

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.

CVE-2021-3998

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:45:18.438436+00:00	Arch Linux Importer	Fixing	VCID-8dn8-f7r5-aaaa	https://security.archlinux.org/AVG-1621	36.0.0
2025-03-28T07:45:18.411073+00:00	Arch Linux Importer	Fixing	VCID-3g4r-ex56-aaaa	https://security.archlinux.org/AVG-1621	36.0.0
2025-03-28T07:45:18.381246+00:00	Arch Linux Importer	Fixing	VCID-duwt-xt4y-aaaj	https://security.archlinux.org/AVG-1621	36.0.0
2025-03-28T07:45:18.362386+00:00	Arch Linux Importer	Fixing	VCID-n5ry-gsbb-aaaq	https://security.archlinux.org/AVG-1621	36.0.0
2025-03-28T07:45:18.343736+00:00	Arch Linux Importer	Fixing	VCID-4ps4-wrmd-aaaj	https://security.archlinux.org/AVG-1621	36.0.0
2025-03-28T07:45:18.324901+00:00	Arch Linux Importer	Fixing	VCID-16q3-v9ba-aaar	https://security.archlinux.org/AVG-1621	36.0.0
2024-09-18T02:00:14.524664+00:00	Arch Linux Importer	Fixing	VCID-8dn8-f7r5-aaaa	https://security.archlinux.org/AVG-1621	34.0.1
2024-09-18T02:00:14.490881+00:00	Arch Linux Importer	Fixing	VCID-3g4r-ex56-aaaa	https://security.archlinux.org/AVG-1621	34.0.1
2024-09-18T02:00:14.462592+00:00	Arch Linux Importer	Fixing	VCID-duwt-xt4y-aaaj	https://security.archlinux.org/AVG-1621	34.0.1
2024-09-18T02:00:14.442845+00:00	Arch Linux Importer	Fixing	VCID-n5ry-gsbb-aaaq	https://security.archlinux.org/AVG-1621	34.0.1
2024-09-18T02:00:14.423148+00:00	Arch Linux Importer	Fixing	VCID-4ps4-wrmd-aaaj	https://security.archlinux.org/AVG-1621	34.0.1
2024-09-18T02:00:14.403294+00:00	Arch Linux Importer	Fixing	VCID-16q3-v9ba-aaar	https://security.archlinux.org/AVG-1621	34.0.1
2024-01-03T22:26:28.711284+00:00	Arch Linux Importer	Fixing	VCID-8dn8-f7r5-aaaa	https://security.archlinux.org/AVG-1621	34.0.0rc1
2024-01-03T22:26:28.684390+00:00	Arch Linux Importer	Fixing	VCID-3g4r-ex56-aaaa	https://security.archlinux.org/AVG-1621	34.0.0rc1
2024-01-03T22:26:28.660749+00:00	Arch Linux Importer	Fixing	VCID-duwt-xt4y-aaaj	https://security.archlinux.org/AVG-1621	34.0.0rc1
2024-01-03T22:26:28.639046+00:00	Arch Linux Importer	Fixing	VCID-n5ry-gsbb-aaaq	https://security.archlinux.org/AVG-1621	34.0.0rc1
2024-01-03T22:26:28.620217+00:00	Arch Linux Importer	Fixing	VCID-4ps4-wrmd-aaaj	https://security.archlinux.org/AVG-1621	34.0.0rc1
2024-01-03T22:26:28.601260+00:00	Arch Linux Importer	Fixing	VCID-16q3-v9ba-aaar	https://security.archlinux.org/AVG-1621	34.0.0rc1

2025-03-28T07:45:18.438436+00:00

Arch Linux Importer

Fixing