Vulnerabilidades em The GNU C Library
21 resultadosCVE-2024-2961HIGHThe iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when convertiEPSS 88.3%CVE-2024-33599HIGHnscd: Stack-based buffer overflow in netgroup cacheEPSS 1.3%CVE-2024-33600MEDIUMnscd: Null pointer crashes after notfound responseEPSS 1.2%CVE-2024-33601HIGHnscd: netgroup cache may terminate daemon on memory allocation failureEPSS 1.1%CVE-2026-0915HIGHgetnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovlerEPSS 0.6%CVE-2026-5450CRITICALscanf %mc off-by-one heap buffer overflowEPSS 0.5%CVE-2024-33602HIGHnscd: netgroup cache assumes NSS callback uses in-buffer stringsEPSS 0.4%CVE-2025-4802HIGHUntrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading ofEPSS 0.4%CVE-2026-4046HIGHiconv crash due to assertion failure with untrusted inputEPSS 0.4%CVE-2026-0861HIGHInteger overflow in memalign leads to heap corruptionEPSS 0.4%CVE-2025-0395MEDIUMWhen the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure mesEPSS 0.3%CVE-2026-5928HIGHPotential buffer under-read in ungetwcEPSS 0.3%CVE-2026-6238MEDIUMBuffer overread in ns_printrrf with corrupted RDATA fieldEPSS 0.3%CVE-2026-4437HIGHgethostbyaddr and gethostbyaddr_r may incorrectly handle DNS responseEPSS 0.3%CVE-2025-15281HIGHwordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memoryEPSS 0.3%CVE-2025-5702MEDIUMThe strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to EPSS 0.2%CVE-2025-5745MEDIUMThe strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 toEPSS 0.2%CVE-2026-5435HIGHPotential buffer overflow in ns_sprintrrf TSIG handling pathEPSS 0.2%CVE-2026-4438MEDIUMgethostbyaddr and gethostbyaddr_r return invalid DNS hostnamesEPSS 0.2%CVE-2025-8058MEDIUMThe regcomp function in the GNU C library version from 2.4 to 2.41 is
subject to a double free if some previous allocation fails. It can beEPSS 0.2%