VulnerableCode Package Details - pkg:deb/debian/glibc@2.36-8

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7s62-m3gd-aaan	A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss__gethostbyname2_r and _nss__getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.	CVE-2023-4806
VCID-cb4r-d431-aaah	A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.	CVE-2023-4813
VCID-cvwe-heq6-sqcr	glibc: buffer overflow in the GNU C Library's assert()	CVE-2025-0395
VCID-yswe-3wmd-h3hx	Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).	CVE-2025-4802

Vulnerability

Summary

Aliases

VCID-7s62-m3gd-aaan

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

CVE-2023-4806

VCID-cb4r-d431-aaah

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

CVE-2023-4813

VCID-cvwe-heq6-sqcr

glibc: buffer overflow in the GNU C Library's assert()

CVE-2025-0395

VCID-yswe-3wmd-h3hx

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

CVE-2025-4802

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T05:03:28.359850+00:00	Debian Importer	Fixing	VCID-7s62-m3gd-aaan	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-21T04:38:27.272022+00:00	Debian Importer	Fixing	VCID-cb4r-d431-aaah	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-20T23:22:43.801398+00:00	Debian Importer	Fixing	VCID-yswe-3wmd-h3hx	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-20T20:46:16.328191+00:00	Debian Importer	Fixing	VCID-cvwe-heq6-sqcr	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-05T14:33:09.552708+00:00	Debian Importer	Fixing	VCID-cvwe-heq6-sqcr	https://security-tracker.debian.org/tracker/data/json	36.1.0
2025-05-20T03:52:50.586768+00:00	Debian Importer	Fixing	VCID-yswe-3wmd-h3hx	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-05-06T18:45:14.404622+00:00	Debian Oval Importer	Fixing	VCID-cvwe-heq6-sqcr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-07T09:28:45.100435+00:00	Debian Importer	Fixing	VCID-cvwe-heq6-sqcr	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-05T05:15:16.355962+00:00	Debian Importer	Fixing	VCID-7s62-m3gd-aaan	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-04T07:27:40.839263+00:00	Debian Importer	Fixing	VCID-cb4r-d431-aaah	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-02-21T14:35:23.231828+00:00	Debian Importer	Fixing	VCID-cb4r-d431-aaah	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-21T14:34:36.967114+00:00	Debian Importer	Fixing	VCID-7s62-m3gd-aaan	https://security-tracker.debian.org/tracker/data/json	35.1.0
2024-11-24T03:38:29.922601+00:00	Debian Importer	Fixing	VCID-cb4r-d431-aaah	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-11-24T03:37:51.080556+00:00	Debian Importer	Fixing	VCID-7s62-m3gd-aaan	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-10-11T01:01:26.578280+00:00	Debian Importer	Fixing	VCID-cb4r-d431-aaah	https://security-tracker.debian.org/tracker/data/json	34.0.2
2024-10-11T01:00:59.880199+00:00	Debian Importer	Fixing	VCID-7s62-m3gd-aaan	https://security-tracker.debian.org/tracker/data/json	34.0.2
2024-09-20T05:37:30.786630+00:00	Debian Importer	Fixing	VCID-cb4r-d431-aaah	https://security-tracker.debian.org/tracker/data/json	34.0.1
2024-09-20T05:37:06.987266+00:00	Debian Importer	Fixing	VCID-7s62-m3gd-aaan	https://security-tracker.debian.org/tracker/data/json	34.0.1