Search for packages
| purl | pkg:deb/debian/glibc@2.31-13%2Bdeb11u2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-16q3-v9ba-aaar
Aliases: CVE-2021-43396 |
** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug." |
Affected by 8 other vulnerabilities. |
|
VCID-3g4r-ex56-aaaa
Aliases: CVE-2021-33574 |
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. |
Affected by 8 other vulnerabilities. |
|
VCID-49m9-v222-aaae
Aliases: CVE-2024-2961 |
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. |
Affected by 4 other vulnerabilities. |
|
VCID-4ps4-wrmd-aaaj
Aliases: CVE-2021-3999 |
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. |
Affected by 7 other vulnerabilities. |
|
VCID-cvwe-heq6-sqcr
Aliases: CVE-2025-0395 |
glibc: buffer overflow in the GNU C Library's assert() |
Affected by 0 other vulnerabilities. |
|
VCID-mbyf-7tfq-aaad
Aliases: CVE-2024-33600 |
glibc: null pointer dereferences after failed netgroup cache insertion |
Affected by 4 other vulnerabilities. |
|
VCID-sysh-eg5e-aaak
Aliases: CVE-2023-4911 |
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. |
Affected by 4 other vulnerabilities. |
|
VCID-vqwk-tqf1-aaac
Aliases: CVE-2022-23218 |
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. |
Affected by 8 other vulnerabilities. |
|
VCID-vv4f-b7e1-aaak
Aliases: CVE-2024-33602 |
glibc: netgroup cache assumes NSS callback uses in-buffer strings |
Affected by 4 other vulnerabilities. |
|
VCID-vv6m-c181-aaaj
Aliases: CVE-2024-33601 |
glibc: netgroup cache may terminate daemon on memory allocation failure |
Affected by 4 other vulnerabilities. |
|
VCID-wjry-nwm2-aaaf
Aliases: CVE-2022-23219 |
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. |
Affected by 8 other vulnerabilities. |
|
VCID-zvjp-1njs-aaah
Aliases: CVE-2024-33599 |
glibc: stack-based buffer overflow in netgroup cache |
Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T04:52:57.635392+00:00 | Debian Oval Importer | Affected by | VCID-wjry-nwm2-aaaf | None | 36.1.3 |
| 2025-06-21T03:56:32.530369+00:00 | Debian Oval Importer | Affected by | VCID-16q3-v9ba-aaar | None | 36.1.3 |
| 2025-06-21T03:09:18.791224+00:00 | Debian Oval Importer | Affected by | VCID-4ps4-wrmd-aaaj | None | 36.1.3 |
| 2025-06-21T02:11:19.595444+00:00 | Debian Oval Importer | Affected by | VCID-vqwk-tqf1-aaac | None | 36.1.3 |
| 2025-06-21T01:43:18.013811+00:00 | Debian Oval Importer | Affected by | VCID-3g4r-ex56-aaaa | None | 36.1.3 |
| 2025-06-07T22:30:15.013518+00:00 | Debian Oval Importer | Affected by | VCID-wjry-nwm2-aaaf | None | 36.1.0 |
| 2025-06-07T21:31:48.347279+00:00 | Debian Oval Importer | Affected by | VCID-16q3-v9ba-aaar | None | 36.1.0 |
| 2025-06-07T20:42:08.888085+00:00 | Debian Oval Importer | Affected by | VCID-4ps4-wrmd-aaaj | None | 36.1.0 |
| 2025-06-07T19:35:05.139643+00:00 | Debian Oval Importer | Affected by | VCID-vqwk-tqf1-aaac | None | 36.1.0 |
| 2025-06-07T19:06:28.993966+00:00 | Debian Oval Importer | Affected by | VCID-3g4r-ex56-aaaa | None | 36.1.0 |
| 2025-05-06T18:45:14.376163+00:00 | Debian Oval Importer | Affected by | VCID-cvwe-heq6-sqcr | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T23:42:49.643591+00:00 | Debian Oval Importer | Affected by | VCID-mbyf-7tfq-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T23:42:46.751070+00:00 | Debian Oval Importer | Affected by | VCID-zvjp-1njs-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T23:42:42.713144+00:00 | Debian Oval Importer | Affected by | VCID-vv6m-c181-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T23:42:40.318491+00:00 | Debian Oval Importer | Affected by | VCID-vv4f-b7e1-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T23:33:04.641931+00:00 | Debian Oval Importer | Affected by | VCID-49m9-v222-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T22:23:15.595321+00:00 | Debian Oval Importer | Affected by | VCID-wjry-nwm2-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:56:11.932044+00:00 | Debian Oval Importer | Affected by | VCID-4ps4-wrmd-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:51:00.209437+00:00 | Debian Oval Importer | Affected by | VCID-sysh-eg5e-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:49:22.210340+00:00 | Debian Oval Importer | Affected by | VCID-vqwk-tqf1-aaac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:06:02.100246+00:00 | Debian Oval Importer | Affected by | VCID-16q3-v9ba-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:46:32.544456+00:00 | Debian Oval Importer | Affected by | VCID-3g4r-ex56-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-07T21:01:48.710046+00:00 | Debian Oval Importer | Affected by | VCID-wjry-nwm2-aaaf | None | 36.0.0 |
| 2025-04-07T20:00:53.711915+00:00 | Debian Oval Importer | Affected by | VCID-16q3-v9ba-aaar | None | 36.0.0 |
| 2025-04-07T19:12:37.487974+00:00 | Debian Oval Importer | Affected by | VCID-4ps4-wrmd-aaaj | None | 36.0.0 |
| 2025-04-07T18:12:47.524857+00:00 | Debian Oval Importer | Affected by | VCID-vqwk-tqf1-aaac | None | 36.0.0 |
| 2025-04-07T17:44:20.302832+00:00 | Debian Oval Importer | Affected by | VCID-3g4r-ex56-aaaa | None | 36.0.0 |