cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2025-0395,https://securityvulnerability.io/vulnerability/CVE-2025-0395,Buffer Overflow Vulnerability in GNU C Library Affecting Multiple Versions,"The GNU C Library's assert() function in versions 2.13 to 2.40 has a flaw in its handling of assertion failure messages. When this function fails, it inadequately allocates space for both the message string and its associated size information. This can lead to a buffer overflow condition if the size of the failure message aligns with the page size, potentially allowing attackers to write outside the bounds of allocated memory, leading to exploitability and instability.",The Gnu C Library,Glibc,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-22T13:11:30.406Z,276 CVE-2024-33602,https://securityvulnerability.io/vulnerability/CVE-2024-33602,nscd netgroup cache corruption vulnerability,"The Name Service Cache Daemon (nscd) is affected by a memory corruption vulnerability due to improper handling of NSS callback strings in the netgroup cache functionality. This weakness, introduced in glibc version 2.15, arises when not all strings are correctly stored within the designated buffer during callback operations. As a result, this could lead to unstable behavior and potential exploitation of the affected binary. Ensuring that your systems are updated to versions beyond the vulnerable ones is critical for maintaining security.",The Gnu C Library,Glibc,7.4,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-06T19:22:12.383Z,0 CVE-2024-33601,https://securityvulnerability.io/vulnerability/CVE-2024-33601,nscd: netgroup cache may terminate daemon on memory allocation failure,"The Name Service Cache Daemon (nscd) is susceptible to a Denial of Service issue due to improper memory management. Specifically, the netgroup cache implementation utilizes xmalloc or xrealloc functions, which can lead to unexpected termination of the daemon in the event of a memory allocation failure. This flaw, introduced in glibc 2.15 when the netgroup cache was added, poses significant risks as it can disrupt service for clients relying on nscd. It is critical for users of affected glibc versions to apply updates to safeguard against potential service disruptions.",The Gnu C Library,Glibc,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-06T19:22:07.763Z,0 CVE-2024-33600,https://securityvulnerability.io/vulnerability/CVE-2024-33600,Null pointer crashes after notfound response,"nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.",The Gnu C Library,Glibc,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-06T19:22:02.726Z,0 CVE-2024-33599,https://securityvulnerability.io/vulnerability/CVE-2024-33599,Stack-based buffer overflow in netgroup cache,"nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.",The Gnu C Library,Glibc,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-06T19:21:54.314Z,0 CVE-2024-2961,https://securityvulnerability.io/vulnerability/CVE-2024-2961,Buffer Overflow Vulnerability in GNU C Library's iconv() Function,"The iconv() function in the GNU C Library (glibc) has a vulnerability that can cause a buffer overflow when converting strings to the ISO-2022-CN-EXT character set. This flaw occurs due to the function's failure to adequately check the size of the output buffer, allowing it to overflow by up to 4 bytes. Exploitation of this vulnerability could lead to unintended behavior in applications, such as crashing or overwriting adjacent memory locations. Applications utilizing glibc versions 2.39 and older are particularly at risk, highlighting the importance of updating to secure versions to mitigate potential attacks.",The Gnu C Library,Glibc,7.3,HIGH,0.0007099999929778278,false,,true,true,true,2024-05-27T17:30:06.000Z,true,true,false,,2024-04-17T17:27:40.541Z,5081 CVE-2015-20109,https://securityvulnerability.io/vulnerability/CVE-2015-20109,Denial of Service Vulnerability in GNU C Library by Vendor,"The GNU C Library (glibc), specifically the end_pattern function invoked from internal_fnmatch, is susceptible to a vulnerability that allows context-dependent attackers to trigger a denial of service. This can be achieved through the fnmatch library function using specific patterns, such as **(!(). This issue has been misidentified in relation to another reported vulnerability (CVE-2015-8984), and while some Linux distributions may have addressed the latter, they may not have resolved this additional fnmatch-related issue, potentially exposing systems to application crashes.",Gnu,Glibc,5.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-06-25T00:00:00.000Z,0 CVE-2023-25139,https://securityvulnerability.io/vulnerability/CVE-2023-25139,Buffer Overflow in GNU C Library 2.37,"A vulnerability exists in the GNU C Library (glibc) version 2.37, where the 'sprintf' function may cause a buffer overflow under certain conditions. This issue arises when attempting to write a number's string representation with thousands separators into a precisely sized buffer. If the buffer is allocated the exact length needed for the padded string, it risks overflowing by two bytes, potentially leading to unexpected behavior or exploitation. This could be particularly damaging if untrusted input is processed.",Gnu,Glibc,9.8,CRITICAL,0.0021200000774115324,false,,false,false,false,,,false,false,,2023-02-03T00:00:00.000Z,0 CVE-2022-39046,https://securityvulnerability.io/vulnerability/CVE-2022-39046,Heap-based Buffer Overflow in GNU C Library's Syslog Function,"An issue exists in the GNU C Library (glibc) version 2.36 where the syslog function can be exploited when provided with a crafted input string exceeding 1024 bytes. This vulnerability allows the function to read uninitialized memory from the heap, which can lead to unintended information disclosure when the contents of this memory are logged. Consequently, sensitive data stored in the heap may be inadvertently exposed through log files, potentially compromising the system's security.",Gnu,Glibc,7.5,HIGH,0.0026199999265372753,false,,false,false,false,,,false,false,,2022-08-31T00:00:00.000Z,0 CVE-2021-3999,https://securityvulnerability.io/vulnerability/CVE-2021-3999,Buffer Overflow Vulnerability in glibc Affecting Linux Systems,"A vulnerability in the glibc library allows for an off-by-one buffer overflow and underflow within the getcwd() function, which could lead to memory corruption. This occurs when the size of the buffer is set to exactly 1. A local attacker, who has the capability to influence the input buffer and the size parameter passed to getcwd() within a setuid application, can exploit this vulnerability to potentially execute arbitrary code and gain elevated privileges on the affected system.",Gnu,Glibc,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-08-24T00:00:00.000Z,0 CVE-2021-3998,https://securityvulnerability.io/vulnerability/CVE-2021-3998,Information Leakage Vulnerability in glibc Affects Multiple Products,"A flaw exists in the glibc library that affects the behavior of the realpath() function, which can inadvertently return misleading values. This fault allows for potential information leakage, giving attackers the opportunity to access sensitive data that should remain secure. The ramifications of this vulnerability can expose critical system details, increasing the risk of further exploitation. It's recommended that users update to the latest patched versions of glibc to mitigate any associated risks.",Gnu,Glibc,7.5,HIGH,0.0018400000408291817,false,,false,false,false,,,false,false,,2022-08-24T00:00:00.000Z,0 CVE-2022-23218,https://securityvulnerability.io/vulnerability/CVE-2022-23218,Buffer Overflow Vulnerability in GNU C Library's sunrpc Module by Oracle,"The GNU C Library (glibc) contains a vulnerability in the deprecated svcunix_create function within the sunrpc module. This issue arises due to the function's failure to validate the length of the path argument, leading to a potential buffer overflow. This flaw poses a significant risk of denial of service and can enable arbitrary code execution if the application is not built with a stack protector. As such, users and developers should prioritize updating to address this vulnerability and mitigate associated threats.",Gnu,Glibc,9.8,CRITICAL,0.00786999985575676,false,,false,false,false,,,false,false,,2022-01-14T00:00:00.000Z,0 CVE-2022-23219,https://securityvulnerability.io/vulnerability/CVE-2022-23219,Buffer Overflow Vulnerability in GNU C Library's sunrpc Module,"The deprecated clnt_create function within the sunrpc module of the GNU C Library fails to validate the length of the hostname argument, leading to a potential buffer overflow. This vulnerability can cause a denial of service or, if the application lacks a stack protector, may allow for arbitrary code execution by attackers. It highlights the importance of using secure coding practices and the need to promptly update affected libraries to mitigate risks.",Gnu,Glibc,9.8,CRITICAL,0.00786999985575676,false,,false,false,false,,,false,false,,2022-01-14T00:00:00.000Z,0 CVE-2021-43396,https://securityvulnerability.io/vulnerability/CVE-2021-43396,GNU C Library (glibc) Vulnerability in Iconv Functionality,"A flaw in the GNU C Library's iconv functionality allows remote attackers to exploit crafted ISO-2022-JP-3 data to produce a spurious '\0' character due to an internal state reset. This could compromise data integrity in specific iconv() applications; however, it is noted that successful exploitation requires invoking iconv() with a NULL input buffer, implying that a distinct application error is necessary for it to occur unintentionally.",Gnu,Glibc,7.5,HIGH,0.007400000002235174,false,,false,false,false,,,false,false,,2021-11-04T19:52:49.000Z,0 CVE-2021-38604,https://securityvulnerability.io/vulnerability/CVE-2021-38604,NULL Pointer Dereference in GNU C Library Affects Glibc Products,"A vulnerability in the GNU C Library (glibc), specifically in the 'librt' component, stems from improper handling of certain NOTIFY_REMOVED data within the mq_notify function. This issue can lead to a NULL pointer dereference, potentially enabling attackers to exploit the flaw. The vulnerability was introduced as a byproduct of a previous security fix (CVE-2021-33574), and affects multiple systems using glibc versions up to 2.34, leading to stability and security concerns.",Gnu,Glibc,7.5,HIGH,0.00880999956279993,false,,false,false,false,,,false,false,,2021-08-12T15:43:34.000Z,0 CVE-2021-35942,https://securityvulnerability.io/vulnerability/CVE-2021-35942,Vulnerability in GNU C Library impacting memory handling,"The GNU C Library (glibc) contains a vulnerability in the wordexp function, allowing for unexpected behavior when provided with crafted patterns. This flaw can lead to denial of service conditions or unauthorized information disclosure. The vulnerability arises from the use of the atoi function where strtoul should have been utilized, creating risks related to incorrect calculations and memory access. Proper validation and usage of functions are critical to mitigate these risks, and users are advised to update their systems to the latest versions to safeguard against potential exploitation.",Gnu,Glibc,9.1,CRITICAL,0.010859999805688858,false,,false,false,false,,,false,false,,2021-07-22T00:00:00.000Z,0 CVE-2021-33574,https://securityvulnerability.io/vulnerability/CVE-2021-33574,Use-After-Free Vulnerability in GNU C Library Affects glibc 2.32 and 2.33,"A use-after-free vulnerability exists in the mq_notify function of the GNU C Library that affects versions 2.32 and 2.33. When this function is called, it may improperly use the notification thread attributes object after it has been freed by the caller. This unintended usage could result in a denial of service, specifically causing application crashes, and could potentially have additional unspecified impacts, making it critical for developers and users of glibc to apply necessary patches and upgrades.",Gnu,Glibc,9.8,CRITICAL,0.006579999811947346,false,,false,false,false,,,false,false,,2021-05-25T00:00:00.000Z,0 CVE-2020-27618,https://securityvulnerability.io/vulnerability/CVE-2020-27618,Infinite Loop Vulnerability in GNU C Library Affects glibc by Sourceware,"The iconv function in the GNU C Library (glibc) versions 2.32 and earlier is susceptible to an infinite loop when it processes invalid multi-byte input sequences in certain encodings (IBM1364, IBM1371, IBM1388, IBM1390, IBM1399). This flaw prevents the input state from advancing correctly, potentially leading to a denial of service in applications utilizing this library. Proper sanitization of input and adherence to encoding standards is crucial in mitigating this issue.",Gnu,Glibc,5.5,MEDIUM,0.00107999995816499,false,,false,false,false,,,false,false,,2021-02-26T00:00:00.000Z,0 CVE-2021-27645,https://securityvulnerability.io/vulnerability/CVE-2021-27645,Double-Free Vulnerability in GNU C Library's Nameserver Caching Daemon,"A double-free vulnerability exists within the nameserver caching daemon (nscd) of the GNU C Library versions 2.29 to 2.33. When processing requests for netgroup lookups, the nscd may encounter a double-free condition, which can lead to application crashes and potential Denial of Service on affected systems, resulting in degraded service. This poses a risk to stability and reliability in environments depending on glibc for network service functionality.",Gnu,Glibc,2.5,LOW,0.00046999999904073775,false,,false,false,false,,,false,false,,2021-02-24T00:00:00.000Z,0 CVE-2021-3326,https://securityvulnerability.io/vulnerability/CVE-2021-3326,Denial of Service Vulnerability in GNU C Library (glibc) Versions 2.32 and Earlier,"The iconv function in the GNU C Library (glibc) 2.32 and earlier is susceptible to a denial of service attack when it encounters invalid input sequences in the ISO-2022-JP-3 encoding. This vulnerability causes an assertion failure in the code, leading to an abortion of the program. Exploitation of this flaw could disrupt services dependent on this library, impacting the availability of applications that rely on it for character set conversion.",Gnu,Glibc,7.5,HIGH,0.020430000498890877,false,,false,false,false,,,false,false,,2021-01-27T00:00:00.000Z,0 CVE-2019-25013,https://securityvulnerability.io/vulnerability/CVE-2019-25013,Buffer Over-read in GNU C Library's Iconv Feature Processing EUC-KR Encoding,"The iconv feature in the GNU C Library (glibc) through version 2.32 is susceptible to a buffer over-read when it encounters invalid multi-byte input sequences in the EUC-KR encoding. This flaw could allow an attacker to potentially read sensitive memory contents, leading to unintended information disclosure or other unpredictable behavior in applications that rely on this library for text processing.",Gnu,Glibc,5.9,MEDIUM,0.007120000198483467,false,,false,false,false,,,false,false,,2021-01-04T00:00:00.000Z,0 CVE-2020-29573,https://securityvulnerability.io/vulnerability/CVE-2020-29573,Buffer Overflow Vulnerability in GNU C Library for x86 Targets,"A buffer overflow vulnerability exists in the GNU C Library (glibc) for x86 targets prior to version 2.23. This issue arises when the input to the printf family of functions contains an 80-bit long double with a non-canonical bit pattern, particularly when specific byte sequences are passed to functions such as sprintf. As a result, an attacker could exploit this vulnerability to potentially manipulate or corrupt memory, leading to unexpected application behavior or denial of service. Importantly, this vulnerability does not impact glibc versions 2.23 and later due to significant updates made in 2015 that improved how C99 math functions are handled with GCC built-ins.",Gnu,Glibc,7.5,HIGH,0.0022100000642240047,false,,false,false,false,,,false,false,,2020-12-06T00:15:00.000Z,0 CVE-2020-29562,https://securityvulnerability.io/vulnerability/CVE-2020-29562,Denial of Service Vulnerability in GNU C Library Versions 2.30 to 2.32,"The GNU C Library (glibc or libc6) from versions 2.30 through 2.32 experiences a significant issue when the iconv function processes UCS4 text that contains an irreversible character. This flaw leads to an assertion failure in the code path, resulting in the abrupt termination of the program. Exploitation of this vulnerability can potentially lead to a denial of service, causing disruption of services dependent on glibc.",Gnu,Glibc,4.8,MEDIUM,0.0019099999917671084,false,,false,false,false,,,false,false,,2020-12-04T06:48:23.000Z,0 CVE-1999-0199,https://securityvulnerability.io/vulnerability/CVE-1999-0199,Man-in-the-middle Vulnerability in GNU C Library Affecting Developers,"The GNU C Library (glibc) prior to version 2.2 contains a vulnerability associated with documentation related to the tdelete function. This oversight means that if developers utilize this function without being aware of the documentation updates, it may lead to the potential exposure of a dangling pointer. This situation creates a security risk as attackers could exploit this weakness, impacting applications that rely on the glibc. Developers need to check their versions and any reliance on the tdelete function to mitigate risks.",Gnu,Glibc,9.8,CRITICAL,0.012380000203847885,false,,false,false,false,,,false,false,,2020-10-06T12:49:43.000Z,0 CVE-2020-1752,https://securityvulnerability.io/vulnerability/CVE-2020-1752,Use-After-Free Vulnerability in glibc Affecting Directory Path Handling,"A use-after-free vulnerability was identified in glibc, specifically linked to the handling of directory paths containing an initial tilde followed by a valid username. A local attacker could exploit this issue by crafting a malicious path that, when processed by the glob function, may lead to arbitrary code execution. This vulnerability affects glibc versions prior to 2.32 and highlights the importance of keeping libraries up-to-date to mitigate such security risks.",Gnu Libc,Glibc,7,HIGH,0.001129999989643693,false,,false,false,false,,,false,false,,2020-04-30T00:00:00.000Z,0