Vulnerabilities > GNU > Glibc > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-01 | CVE-2017-1000409 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Glibc 2.5 A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. | 7.0 |
| 2018-02-01 | CVE-2017-1000408 | Missing Release of Resource after Effective Lifetime vulnerability in GNU Glibc 2.1.1 A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. | 7.8 |
| 2018-01-31 | CVE-2018-1000001 | Out-of-bounds Write vulnerability in multiple products In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. | 7.8 |
| 2017-12-18 | CVE-2017-16997 | Untrusted Search Path vulnerability in multiple products elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. | 7.8 |
| 2017-12-05 | CVE-2017-17426 | Integer Overflow or Wraparound vulnerability in GNU Glibc 2.26 The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. | 8.1 |
| 2017-06-27 | CVE-2015-5180 | NULL Pointer Dereference vulnerability in multiple products res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). | 7.5 |
| 2017-06-19 | CVE-2017-1000366 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. | 7.8 |
| 2017-05-07 | CVE-2017-8804 | Deserialization of Untrusted Data vulnerability in GNU Glibc 2.25 The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. | 7.5 |
| 2017-03-20 | CVE-2015-8983 | Integer Overflow or Wraparound vulnerability in GNU Glibc Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. | 8.1 |
| 2017-03-15 | CVE-2015-8982 | Integer Overflow or Wraparound vulnerability in GNU Glibc 2.3.10/2.3.2/2.3.3 Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. | 8.1 |