VulnerableCode Package Details - pkg:deb/debian/glibc@2.31-13%2Bdeb11u5

Search for packages

Package details: pkg:deb/debian/glibc@2.31-13%2Bdeb11u5

Essentials
History (20)

purl	pkg:deb/debian/glibc@2.31-13%2Bdeb11u5

Next non-vulnerable version	2.36-8
Latest non-vulnerable version	2.41-9
Risk	10.0

Vulnerabilities affecting this package (7)

Vulnerability	Summary	Fixed by
VCID-49m9-v222-aaae Aliases: CVE-2024-2961	The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.	2.31-13+deb11u11 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-cvwe-heq6-sqcr Aliases: CVE-2025-0395	glibc: buffer overflow in the GNU C Library's assert()	2.36-8 Affected by 0 other vulnerabilities.
VCID-mbyf-7tfq-aaad Aliases: CVE-2024-33600	glibc: null pointer dereferences after failed netgroup cache insertion	2.31-13+deb11u11 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-sysh-eg5e-aaak Aliases: CVE-2023-4911	A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.	2.31-13+deb11u11 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vv4f-b7e1-aaak Aliases: CVE-2024-33602	glibc: netgroup cache assumes NSS callback uses in-buffer strings	2.31-13+deb11u11 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vv6m-c181-aaaj Aliases: CVE-2024-33601	glibc: netgroup cache may terminate daemon on memory allocation failure	2.31-13+deb11u11 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zvjp-1njs-aaah Aliases: CVE-2024-33599	glibc: stack-based buffer overflow in netgroup cache	2.31-13+deb11u11 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-4ps4-wrmd-aaaj	A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.	CVE-2021-3999

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T03:09:18.794553+00:00	Debian Oval Importer	Fixing	VCID-4ps4-wrmd-aaaj	None	36.1.3
2025-06-21T00:44:38.483652+00:00	Debian Importer	Fixing	VCID-4ps4-wrmd-aaaj	None	36.1.3
2025-06-07T20:42:08.899572+00:00	Debian Oval Importer	Fixing	VCID-4ps4-wrmd-aaaj	None	36.1.0
2025-05-06T18:45:14.389447+00:00	Debian Oval Importer	Affected by	VCID-cvwe-heq6-sqcr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T23:42:49.654351+00:00	Debian Oval Importer	Affected by	VCID-mbyf-7tfq-aaad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T23:42:46.762106+00:00	Debian Oval Importer	Affected by	VCID-zvjp-1njs-aaah	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T23:42:42.723837+00:00	Debian Oval Importer	Affected by	VCID-vv6m-c181-aaaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T23:42:40.329174+00:00	Debian Oval Importer	Affected by	VCID-vv4f-b7e1-aaak	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T23:33:04.652935+00:00	Debian Oval Importer	Affected by	VCID-49m9-v222-aaae	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T21:56:11.942168+00:00	Debian Oval Importer	Fixing	VCID-4ps4-wrmd-aaaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T21:51:00.220428+00:00	Debian Oval Importer	Affected by	VCID-sysh-eg5e-aaak	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-07T19:12:37.497672+00:00	Debian Oval Importer	Fixing	VCID-4ps4-wrmd-aaaj	None	36.0.0
2025-04-04T03:27:47.641013+00:00	Debian Importer	Fixing	VCID-4ps4-wrmd-aaaj	None	36.0.0
2025-02-20T05:35:33.939884+00:00	Debian Importer	Fixing	VCID-4ps4-wrmd-aaaj	None	35.1.0
2024-11-22T23:31:28.007724+00:00	Debian Importer	Fixing	VCID-4ps4-wrmd-aaaj	None	35.0.0
2024-10-09T21:59:12.695687+00:00	Debian Importer	Fixing	VCID-4ps4-wrmd-aaaj	None	34.0.2
2024-09-19T05:56:56.647308+00:00	Debian Importer	Fixing	VCID-4ps4-wrmd-aaaj	None	34.0.1
2024-04-25T04:15:58.112740+00:00	Debian Importer	Fixing	VCID-4ps4-wrmd-aaaj	None	34.0.0rc4
2024-01-11T05:43:41.358625+00:00	Debian Importer	Fixing	VCID-4ps4-wrmd-aaaj	None	34.0.0rc2
2024-01-04T16:59:45.614727+00:00	Debian Importer	Fixing	VCID-4ps4-wrmd-aaaj	None	34.0.0rc1