Vulnerabilities > GNU > Glibc > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-01 | CVE-2018-6485 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. | 7.5 |
| 2018-02-01 | CVE-2017-1000408 | Missing Release of Resource after Effective Lifetime vulnerability in GNU Glibc 2.1.1 A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. | 7.2 |
| 2018-01-31 | CVE-2018-1000001 | Out-of-bounds Write vulnerability in multiple products In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. | 7.2 |
| 2017-12-05 | CVE-2017-17426 | Integer Overflow or Wraparound vulnerability in GNU Glibc 2.26 The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. | 8.1 |
| 2017-10-20 | CVE-2017-15670 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Glibc The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. | 7.5 |
| 2017-06-27 | CVE-2015-5180 | NULL Pointer Dereference vulnerability in multiple products res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). | 7.5 |
| 2017-06-19 | CVE-2017-1000366 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. | 7.2 |
| 2017-05-07 | CVE-2017-8804 | Deserialization of Untrusted Data vulnerability in GNU Glibc 2.25 The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. | 7.5 |
| 2017-03-20 | CVE-2015-8983 | Integer Overflow or Wraparound vulnerability in GNU Glibc Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. | 8.1 |
| 2017-03-15 | CVE-2015-8982 | Integer Overflow or Wraparound vulnerability in GNU Glibc Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. | 8.1 |