Information on source package glibc

Available versions

| Release | Version |
|---|---|
| jessie | 2.19-18+deb8u14 |
| stretch | 2.24-11+deb9u7 |
| stretch (security) | 2.24-11+deb9u1 |
| buster | 2.28-10+deb10u4 |
| bullseye | 2.31-13+deb11u11 |
| bullseye (security) | 2.31-13+deb11u10 |
| bookworm | 2.36-9+deb12u8 |
| bookworm (security) | 2.36-9+deb12u7 |
| trixie | 2.40-3 |
| sid | 2.40-3 |

Open issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-4813 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | A flaw was found in glibc. In an uncommon situation, the gaih_inet fun ... |
| CVE-2023-4806 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A flaw was found in glibc. In an extremely rare situation, the getaddr ... |
| CVE-2020-6096 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | An exploitable signed comparison vulnerability exists in the ARMv7 mem ... |
| CVE-2020-1751 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | An out-of-bounds write vulnerability was found in glibc before 2.31 wh ... |
| CVE-2016-10739 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinf ... |
| CVE-2016-10228 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and e ... |
| CVE-2015-5180 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | res_query in libresolv in glibc before 2.25 allows remote attackers to ... |
| CVE-2014-9761 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | Multiple stack-based buffer overflows in the GNU C Library (aka glibc ... |
| CVE-2009-5155 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp i ... |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-1010025 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | GNU Libc current is affected by: Mitigation bypass. The impact is: Att ... |
| CVE-2019-1010024 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | GNU Libc current is affected by: Mitigation bypass. The impact is: Att ... |
| CVE-2019-1010023 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | GNU Libc current is affected by: Re-mapping current loaded library wit ... |
| CVE-2019-1010022 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | GNU Libc current is affected by: Mitigation bypass. The impact is: Att ... |
| CVE-2019-9192 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limi ... |
| CVE-2019-7309 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp fun ... |
| CVE-2019-6488 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | The string component in the GNU C Library (aka glibc or libc6) through ... |
| CVE-2018-20796 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limi ... |
| CVE-2015-8985 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | The pop_fail_stack function in the GNU C Library (aka glibc or libc6) ... |
| CVE-2010-4756 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | The glob implementation in the GNU C Library (aka glibc or libc6) allo ... |

Resolved issues

| Bug | Description |
|---|---|
| TEMP-0552518-ADA4BA | eglibc: ldd arbitrary code execution |
| CVE-2024-33602 | nscd: netgroup cache assumes NSS callback uses in-buffer strings The ... |
| CVE-2024-33601 | nscd: netgroup cache may terminate daemon on memory allocation failure ... |
| CVE-2024-33600 | nscd: Null pointer crashes after notfound response If the Name Servic ... |
| CVE-2024-33599 | nscd: Stack-based buffer overflow in netgroup cache If the Name Servi ... |
| CVE-2024-2961 | The iconv() function in the GNU C Library versions 2.39 and older may ... |
| CVE-2023-25139 | sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-o ... |
| CVE-2023-6780 | An integer overflow was found in the __vsyslog_internal function of th ... |
| CVE-2023-6779 | An off-by-one heap-based buffer overflow was found in the __vsyslog_in ... |
| CVE-2023-6246 | A heap-based buffer overflow was found in the __vsyslog_internal funct ... |
| CVE-2023-5156 | A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 ... |
| CVE-2023-4911 | A buffer overflow was discovered in the GNU C Library's dynamic loader ... |
| CVE-2023-4527 | A flaw was found in glibc. When the getaddrinfo function is called wit ... |
| CVE-2022-39046 | An issue was discovered in the GNU C Library (glibc) 2.36. When the sy ... |
| CVE-2022-23219 | The deprecated compatibility function clnt_create in the sunrpc module ... |
| CVE-2022-23218 | The deprecated compatibility function svcunix_create in the sunrpc mod ... |
| CVE-2021-43396 | In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, re ... |
| CVE-2021-38604 | In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/s ... |
| CVE-2021-35942 | The wordexp function in the GNU C Library (aka glibc) through 2.33 may ... |
| CVE-2021-33574 | The mq_notify function in the GNU C Library (aka glibc) versions 2.32 ... |
| CVE-2021-27645 | The nameserver caching daemon (nscd) in the GNU C Library (aka glibc o ... |
| CVE-2021-3999 | A flaw was found in glibc. An off-by-one buffer overflow and underflow ... |
| CVE-2021-3998 | A flaw was found in glibc. The realpath() function can mistakenly retu ... |
| CVE-2021-3326 | The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ... |
| CVE-2020-29573 | sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) befo ... |
| CVE-2020-29562 | The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2 ... |
| CVE-2020-27618 | The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ... |
| CVE-2020-10029 | The GNU C Library (aka glibc or libc6) before 2.32 could overflow an o ... |
| CVE-2020-1752 | A use-after-free vulnerability introduced in glibc upstream version 2. ... |
| CVE-2019-25013 | The iconv feature in the GNU C Library (aka glibc or libc6) through 2. ... |
| CVE-2019-19126 | On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 ... |
| CVE-2019-9169 | In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_n ... |
| CVE-2018-1000001 | In glibc 2.26 and earlier there is confusion in the usage of getcwd() ... |
| CVE-2018-19591 | In the GNU C Library (aka glibc or libc6) through 2.28, attempting to ... |
| CVE-2018-11237 | An AVX-512-optimized implementation of the mempcpy function in the GNU ... |
| CVE-2018-11236 | stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 a ... |
| CVE-2018-6551 | The malloc implementation in the GNU C Library (aka glibc or libc6), f ... |
| CVE-2018-6485 | An integer overflow in the implementation of the posix_memalign in mem ... |
| CVE-2017-1000409 | A buffer overflow in glibc 2.5 (released on September 29, 2006) and ca ... |
| CVE-2017-1000408 | A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached ... |
| CVE-2017-1000366 | glibc contains a vulnerability that allows specially crafted LD_LIBRAR ... |
| CVE-2017-18269 | An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686 ... |
| CVE-2017-17426 | The malloc function in the GNU C Library (aka glibc or libc6) 2.26 cou ... |
| CVE-2017-16997 | elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2 ... |
| CVE-2017-15804 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... |
| CVE-2017-15671 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... |
| CVE-2017-15670 | The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by- ... |
| CVE-2017-12133 | Use-after-free vulnerability in the clntudp_call function in sunrpc/cl ... |
| CVE-2017-12132 | The DNS stub resolver in the GNU C Library (aka glibc or libc6) before ... |
| CVE-2016-6323 | The makecontext function in the GNU C Library (aka glibc or libc6) bef ... |
| CVE-2016-5417 | Memory leak in the __res_vinit function in the IPv6 name server manage ... |
| CVE-2016-4429 | Stack-based buffer overflow in the clntudp_call function in sunrpc/cln ... |
| CVE-2016-3706 | Stack-based buffer overflow in the getaddrinfo function in sysdeps/pos ... |
| CVE-2016-3075 | Stack-based buffer overflow in the nss_dns implementation of the getne ... |
| CVE-2016-2856 | pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; ... |
| CVE-2016-1234 | Stack-based buffer overflow in the glob implementation in GNU C Librar ... |
| CVE-2015-20109 | end_pattern (called from internal_fnmatch) in the GNU C Library (aka g ... |
| CVE-2015-8984 | The fnmatch function in the GNU C Library (aka glibc or libc6) before ... |
| CVE-2015-8983 | Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c ... |
| CVE-2015-8982 | Integer overflow in the strxfrm function in the GNU C Library (aka gli ... |
| CVE-2015-8779 | Stack-based buffer overflow in the catopen function in the GNU C Libra ... |
| CVE-2015-8778 | Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 ... |
| CVE-2015-8777 | The process_envvars function in elf/rtld.c in the GNU C Library (aka g ... |
| CVE-2015-8776 | The strftime function in the GNU C Library (aka glibc or libc6) before ... |
| CVE-2015-7547 | Multiple stack-based buffer overflows in the (1) send_dg and (2) send_ ... |
| CVE-2015-5277 | The get_contents function in nss_files/files-XXX.c in the Name Service ... |
| CVE-2015-5229 | The calloc function in the glibc package in Red Hat Enterprise Linux ( ... |
| CVE-2015-1781 | Buffer overflow in the gethostbyname_r and other unspecified NSS funct ... |
| CVE-2015-1473 | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka gli ... |
| CVE-2015-1472 | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka gli ... |
| CVE-2015-0235 | Heap-based buffer overflow in the __nss_hostname_digits_dots function ... |
| CVE-2014-9984 | nscd in the GNU C Library (aka glibc or libc6) before version 2.20 doe ... |
| CVE-2014-9402 | The nss_dns implementation of getnetbyname in GNU C Library (aka glibc ... |
| CVE-2014-8121 | DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in ... |
| CVE-2014-7817 | The wordexp function in GNU C Library (aka glibc) 2.21 does not enforc ... |
| CVE-2014-6040 | GNU C Library (aka glibc) before 2.20 allows context-dependent attacke ... |
| CVE-2014-5119 | Off-by-one error in the __gconv_translit_find function in gconv_trans. ... |
| CVE-2014-4043 | The posix_spawn_file_actions_addopen function in glibc before 2.20 doe ... |
| CVE-2014-0475 | Multiple directory traversal vulnerabilities in GNU C Library (aka gli ... |
| CVE-2013-7424 | The getaddrinfo function in glibc before 2.15, when compiled with libi ... |
| CVE-2013-7423 | The send_dg function in resolv/res_send.c in GNU C Library (aka glibc ... |
| CVE-2013-4788 | The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6 ... |
| CVE-2013-4458 | Stack-based buffer overflow in the getaddrinfo function in sysdeps/pos ... |
| CVE-2013-4332 | Multiple integer overflows in malloc/malloc.c in the GNU C Library (ak ... |
| CVE-2013-4237 | sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2. ... |
| CVE-2013-2207 | pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not pr ... |
| CVE-2013-1914 | Stack-based buffer overflow in the getaddrinfo function in sysdeps/pos ... |
| CVE-2013-0242 | Buffer overflow in the extend_buffers function in the regular expressi ... |
| CVE-2012-6656 | iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows con ... |
| CVE-2012-4424 | Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library ... |
| CVE-2012-4412 | Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc ... |
| CVE-2012-3480 | Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, ... |
| CVE-2012-3406 | The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka ... |
| CVE-2012-3405 | The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ... |
| CVE-2012-3404 | The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ... |
| CVE-2011-5320 | scanf and related functions in glibc before 2.15 allow local users to ... |
| CVE-2011-2702 | Integer signedness error in Glibc before 2.13 and eglibc before 2.13, ... |
| CVE-2011-1659 | Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or ... |
| CVE-2011-1095 | locale/programs/locale.c in locale in the GNU C Library (aka glibc or ... |
| CVE-2011-1089 | The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 ... |
| CVE-2011-1071 | The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIB ... |
| CVE-2011-0536 | Multiple untrusted search path vulnerabilities in elf/dl-object.c in c ... |
| CVE-2010-4052 | Stack consumption vulnerability in the regcomp implementation in the G ... |
| CVE-2010-4051 | The regcomp implementation in the GNU C Library (aka glibc or libc6) t ... |
| CVE-2010-3856 | ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.1 ... |
| CVE-2010-3847 | elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) throu ... |
| CVE-2010-0830 | Integer signedness error in the elf_get_dynamic_info function in elf/d ... |
| CVE-2010-0296 | The encode_name macro in misc/mntent_r.c in the GNU C Library (aka gli ... |
| CVE-2010-0015 | nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 an ... |
| CVE-2009-5064 | ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows ... |
| CVE-2009-5029 | Integer overflow in the __tzfile_read function in glibc before 2.15 al ... |
| CVE-2009-4881 | Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in ... |
| CVE-2009-4880 | Multiple integer overflows in the strfmon implementation in the GNU C ... |
| CVE-2009-0537 | Integer overflow in the fts_build function in fts.c in libc in (1) Ope ... |
| CVE-2008-1391 | Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, ... |
| CVE-2008-1367 | gcc 4.3.x does not generate a cld instruction while compiling function ... |
| CVE-2008-0122 | Off-by-one error in the inet_network function in libbind in ISC BIND 9 ... |
| CVE-2007-4840 | PHP 5.2.4 and earlier allows context-dependent attackers to cause a de ... |
| CVE-2007-3508 | Integer overflow in the process_envvars function in elf/rtld.c in glib ... |
| CVE-2006-7254 | The nscd daemon in the GNU C Library (glibc) before version 2.5 does n ... |
| CVE-2005-3590 | The getgrouplist function in the GNU C library (glibc) before version ... |
| CVE-2005-0403 | init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterp ... |
| CVE-2004-1453 | GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, an ... |
| CVE-2004-1382 | The glibcbug script in glibc 2.3.4 and earlier allows local users to o ... |
| CVE-2004-0968 | The catchsegv script in glibc 2.3.2 and earlier allows local users to ... |
| CVE-2003-0689 | The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ... |
| CVE-2003-0028 | Integer overflow in the xdrmem_getbytes() function, and possibly other ... |
| CVE-2002-1146 | The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries ... |
| CVE-2002-0684 | Buffer overflow in DNS resolver functions that perform lookup of netwo ... |
| CVE-2002-0651 | Buffer overflow in the DNS resolver code used in libc, glibc, and libb ... |
| CVE-2002-0391 | Integer overflow in xdr_array function in RPC servers for operating sy ... |
| CVE-1999-0199 | manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-3850-1 | glibc - security update |
| ELA-1119-1 | glibc - security update |
| DLA-3807-1 | glibc - security update |
| ELA-1087-1 | glibc - security update |
| DSA-5678-1 | glibc - security update |
| DSA-5673-1 | glibc - security update |
| DSA-5611-1 | glibc - security update |
| DSA-5514-1 | glibc - security update |
| ELA-874-1 | glibc - security update |
| ELA-725-1 | glibc - security update |
| ELA-724-1 | glibc - security update |
| DLA-3152-1 | glibc - security update |
| DSA-3887-1 | glibc - security update |
| DSA-3481-1 | glibc - security update |
| DSA-2122-2 | glibc - privilege escalation |
| DSA-2122-1 | glibc - local privilege escalation |
| DSA-2058-1 | glibc - several vulnerabilities |
| DSA-1973-1 | glibc - information disclosure |
| DSA-636-1 | glibc - insecure temporary files |
| DSA-282 | glibc - integer overflow |
| DSA-149 | glibc - integer overflow |
