Search for packages
| purl | pkg:deb/ubuntu/glibc@2.30-0ubuntu2 |
| Next non-vulnerable version | 2.31-0ubuntu9.1 |
| Latest non-vulnerable version | 2.31-0ubuntu9.1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9rq2-dpes-aaar
Aliases: CVE-2020-10029 |
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. |
Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-cahv-x34e-aaah
Aliases: CVE-2020-1752 |
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32. |
Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-efsz-7a16-aaaf
Aliases: CVE-2019-7309 |
In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. |
Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-kmgq-gdkr-aaap
Aliases: CVE-2019-19126 |
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. |
Affected by 3 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-sa5a-ea2y-aaab
Aliases: CVE-2020-1751 |
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability. |
Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-tb83-ecmn-aaag
Aliases: CVE-2020-29573 |
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-81cz-acf1-aaak | In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. |
CVE-2019-9169
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|