Search CVE reports
1 – 10 of 162 results
(Calling the ungetwc function on a FILE stream with wide characters enc ...)
2 affected packages
glibc, eglibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| glibc | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| eglibc | — | Not in release | Not in release | — | — |
(Calling the scanf family of functions with a %mc (malloc'd character m ...)
2 affected packages
glibc, eglibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| glibc | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| eglibc | — | Not in release | Not in release | — | — |
(The obsolete nis_local_principal function in the GNU C Library version ...)
2 affected packages
glibc, eglibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| glibc | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| eglibc | — | Not in release | Not in release | — | — |
The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This...
2 affected packages
glibc, eglibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| glibc | — | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| eglibc | — | Not in release | Not in release | — | — |
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the...
2 affected packages
glibc, eglibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| glibc | — | Vulnerable | Vulnerable | Not affected | Not affected |
| eglibc | — | Not in release | Not in release | — | — |
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server,...
2 affected packages
glibc, eglibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| glibc | — | Vulnerable | Vulnerable | Not affected | Not affected |
| eglibc | — | Not in release | Not in release | — | — |
Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently...
2 affected packages
glibc, eglibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| glibc | — | Not affected | Not affected | Not affected | Not affected |
| eglibc | — | Not in release | Not in release | — | — |
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a...
2 affected packages
eglibc, glibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| eglibc | — | Not in release | Not in release | Not in release | — |
| glibc | — | Not affected | Not affected | Not affected | Not affected |
Some fixes available 6 of 7
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree...
2 affected packages
eglibc, glibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| eglibc | — | Not in release | Not in release | — | — |
| glibc | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 6 of 7
Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack...
2 affected packages
eglibc, glibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| eglibc | — | Not in release | Not in release | — | — |
| glibc | — | Fixed | Fixed | Fixed | Fixed |