Search for packages
| purl | pkg:deb/ubuntu/eglibc@2.19-0ubuntu6.9 |
| Next non-vulnerable version | 2.19-0ubuntu6.14 |
| Latest non-vulnerable version | 2.19-0ubuntu6.14 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2u2p-f2k7-aaar
Aliases: CVE-2015-8982 |
Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. |
Affected by 7 other vulnerabilities. |
|
VCID-38up-9y3m-aaaj
Aliases: CVE-2015-8984 |
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read. |
Affected by 7 other vulnerabilities. |
|
VCID-39gf-zy6k-aaah
Aliases: CVE-2016-3706 |
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. |
Affected by 7 other vulnerabilities. |
|
VCID-4xqz-mqku-aaad
Aliases: CVE-2017-1000366 |
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. |
Affected by 6 other vulnerabilities. |
|
VCID-5ex2-t5pk-aaak
Aliases: CVE-2015-8983 |
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. |
Affected by 7 other vulnerabilities. |
|
VCID-7dyv-bqd1-aaas
Aliases: CVE-2016-6323 |
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. |
Affected by 7 other vulnerabilities. |
|
VCID-ebra-cryr-aaap
Aliases: CVE-2017-16997 |
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. |
Affected by 0 other vulnerabilities. |
|
VCID-np3c-natf-aaah
Aliases: CVE-2016-4429 |
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. |
Affected by 7 other vulnerabilities. |
|
VCID-q34n-jxu6-aaaa
Aliases: CVE-2016-1234 |
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. |
Affected by 7 other vulnerabilities. |
|
VCID-sbu9-jza7-aaae
Aliases: CVE-2017-15670 |
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. |
Affected by 0 other vulnerabilities. |
|
VCID-thwz-6sj5-aaad
Aliases: CVE-2017-1000408 |
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. |
Affected by 0 other vulnerabilities. |
|
VCID-vh9x-2eyt-aaab
Aliases: CVE-2017-15804 |
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. |
Affected by 0 other vulnerabilities. |
|
VCID-y6e2-dv72-aaac
Aliases: CVE-2017-1000409 |
A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. |
Affected by 0 other vulnerabilities. |
|
VCID-z25y-bsee-aaac
Aliases: CVE-2018-1000001 |
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|