Search for packages
Package details: pkg:deb/debian/glibc@2.31-11
purl pkg:deb/debian/glibc@2.31-11
Next non-vulnerable version 2.36-8
Latest non-vulnerable version 2.41-9
Risk 10.0
Vulnerabilities affecting this package (13)
Vulnerability Summary Fixed by
VCID-16q3-v9ba-aaar
Aliases:
CVE-2021-43396
** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug."
2.31-13+deb11u3
Affected by 8 other vulnerabilities.
VCID-3g4r-ex56-aaaa
Aliases:
CVE-2021-33574
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
2.31-13+deb11u3
Affected by 8 other vulnerabilities.
VCID-49m9-v222-aaae
Aliases:
CVE-2024-2961
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
2.31-13+deb11u11
Affected by 4 other vulnerabilities.
VCID-4ps4-wrmd-aaaj
Aliases:
CVE-2021-3999
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
2.31-13+deb11u5
Affected by 7 other vulnerabilities.
VCID-cvwe-heq6-sqcr
Aliases:
CVE-2025-0395
glibc: buffer overflow in the GNU C Library's assert()
2.36-8
Affected by 0 other vulnerabilities.
VCID-duwt-xt4y-aaaj
Aliases:
CVE-2021-35942
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
2.31-13
Affected by 12 other vulnerabilities.
VCID-mbyf-7tfq-aaad
Aliases:
CVE-2024-33600
glibc: null pointer dereferences after failed netgroup cache insertion
2.31-13+deb11u11
Affected by 4 other vulnerabilities.
VCID-sysh-eg5e-aaak
Aliases:
CVE-2023-4911
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
2.31-13+deb11u11
Affected by 4 other vulnerabilities.
VCID-vqwk-tqf1-aaac
Aliases:
CVE-2022-23218
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
2.31-13+deb11u3
Affected by 8 other vulnerabilities.
VCID-vv4f-b7e1-aaak
Aliases:
CVE-2024-33602
glibc: netgroup cache assumes NSS callback uses in-buffer strings
2.31-13+deb11u11
Affected by 4 other vulnerabilities.
VCID-vv6m-c181-aaaj
Aliases:
CVE-2024-33601
glibc: netgroup cache may terminate daemon on memory allocation failure
2.31-13+deb11u11
Affected by 4 other vulnerabilities.
VCID-wjry-nwm2-aaaf
Aliases:
CVE-2022-23219
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
2.31-13+deb11u3
Affected by 8 other vulnerabilities.
VCID-zvjp-1njs-aaah
Aliases:
CVE-2024-33599
glibc: stack-based buffer overflow in netgroup cache
2.31-13+deb11u11
Affected by 4 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-8dn8-f7r5-aaaa The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. CVE-2021-27645
VCID-c3ax-wdga-aaam The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. CVE-2021-3326

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T06:24:57.348810+00:00 Debian Oval Importer Affected by VCID-duwt-xt4y-aaaj None 36.1.3
2025-06-21T04:52:57.631792+00:00 Debian Oval Importer Affected by VCID-wjry-nwm2-aaaf None 36.1.3
2025-06-21T03:56:32.525863+00:00 Debian Oval Importer Affected by VCID-16q3-v9ba-aaar None 36.1.3
2025-06-21T03:42:09.144445+00:00 Debian Oval Importer Fixing VCID-8dn8-f7r5-aaaa None 36.1.3
2025-06-21T03:09:18.787985+00:00 Debian Oval Importer Affected by VCID-4ps4-wrmd-aaaj None 36.1.3
2025-06-21T02:55:44.646196+00:00 Debian Oval Importer Fixing VCID-c3ax-wdga-aaam None 36.1.3
2025-06-21T02:11:19.590661+00:00 Debian Oval Importer Affected by VCID-vqwk-tqf1-aaac None 36.1.3
2025-06-21T01:43:18.009321+00:00 Debian Oval Importer Affected by VCID-3g4r-ex56-aaaa None 36.1.3
2025-06-08T00:04:11.160442+00:00 Debian Oval Importer Affected by VCID-duwt-xt4y-aaaj None 36.1.0
2025-06-07T22:30:15.009473+00:00 Debian Oval Importer Affected by VCID-wjry-nwm2-aaaf None 36.1.0
2025-06-07T21:31:48.343583+00:00 Debian Oval Importer Affected by VCID-16q3-v9ba-aaar None 36.1.0
2025-06-07T21:16:17.536245+00:00 Debian Oval Importer Fixing VCID-8dn8-f7r5-aaaa None 36.1.0
2025-06-07T20:42:08.885052+00:00 Debian Oval Importer Affected by VCID-4ps4-wrmd-aaaj None 36.1.0
2025-06-07T20:23:27.982845+00:00 Debian Oval Importer Fixing VCID-c3ax-wdga-aaam None 36.1.0
2025-06-07T19:35:05.136703+00:00 Debian Oval Importer Affected by VCID-vqwk-tqf1-aaac None 36.1.0
2025-06-07T19:06:28.990999+00:00 Debian Oval Importer Affected by VCID-3g4r-ex56-aaaa None 36.1.0
2025-05-06T18:45:14.365191+00:00 Debian Oval Importer Affected by VCID-cvwe-heq6-sqcr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T23:42:49.632851+00:00 Debian Oval Importer Affected by VCID-mbyf-7tfq-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T23:42:46.739756+00:00 Debian Oval Importer Affected by VCID-zvjp-1njs-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T23:42:42.702480+00:00 Debian Oval Importer Affected by VCID-vv6m-c181-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T23:42:40.307704+00:00 Debian Oval Importer Affected by VCID-vv4f-b7e1-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T23:33:04.631007+00:00 Debian Oval Importer Affected by VCID-49m9-v222-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:26:07.434990+00:00 Debian Oval Importer Fixing VCID-c3ax-wdga-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:23:15.585158+00:00 Debian Oval Importer Affected by VCID-wjry-nwm2-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:56:11.921711+00:00 Debian Oval Importer Affected by VCID-4ps4-wrmd-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:51:00.198862+00:00 Debian Oval Importer Affected by VCID-sysh-eg5e-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:26:06.679181+00:00 Debian Oval Importer Fixing VCID-8dn8-f7r5-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:49:22.200645+00:00 Debian Oval Importer Affected by VCID-vqwk-tqf1-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:06:02.090346+00:00 Debian Oval Importer Affected by VCID-16q3-v9ba-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:46:32.534210+00:00 Debian Oval Importer Affected by VCID-3g4r-ex56-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:07:34.293168+00:00 Debian Oval Importer Affected by VCID-duwt-xt4y-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-07T22:36:26.727324+00:00 Debian Oval Importer Affected by VCID-duwt-xt4y-aaaj None 36.0.0
2025-04-07T21:01:48.699423+00:00 Debian Oval Importer Affected by VCID-wjry-nwm2-aaaf None 36.0.0
2025-04-07T20:00:53.701148+00:00 Debian Oval Importer Affected by VCID-16q3-v9ba-aaar None 36.0.0
2025-04-07T19:46:13.730777+00:00 Debian Oval Importer Fixing VCID-8dn8-f7r5-aaaa None 36.0.0
2025-04-07T19:12:37.477407+00:00 Debian Oval Importer Affected by VCID-4ps4-wrmd-aaaj None 36.0.0
2025-04-07T18:58:33.375398+00:00 Debian Oval Importer Fixing VCID-c3ax-wdga-aaam None 36.0.0
2025-04-07T18:12:47.514095+00:00 Debian Oval Importer Affected by VCID-vqwk-tqf1-aaac None 36.0.0
2025-04-07T17:44:20.289896+00:00 Debian Oval Importer Affected by VCID-3g4r-ex56-aaaa None 36.0.0