Vulnerabilities > GNU > Glibc > 2.12
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-10-09 | CVE-2012-4424 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Glibc Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. | 5.1 |
2013-10-09 | CVE-2012-4412 | Numeric Errors vulnerability in GNU Glibc Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. | 7.5 |
2013-10-04 | CVE-2013-4788 | Improper Input Validation vulnerability in GNU Eglibc and Glibc The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. | 5.1 |
2013-05-02 | CVE-2011-4609 | Resource Management Errors vulnerability in GNU Glibc The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. | 5.0 |
2011-04-10 | CVE-2011-1089 | Configuration vulnerability in GNU Glibc The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. | 3.3 |
2011-04-08 | CVE-2011-1658 | Permissions, Privileges, and Access Controls vulnerability in GNU Glibc ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. | 3.7 |
2010-10-14 | CVE-2010-3192 | Information Exposure vulnerability in GNU Glibc Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations. | 5.0 |