Search CVE reports
31 – 40 of 158 results
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.
8 affected packages
eglibc, glibc, syslinux-legacy, dietlibc, sssd...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eglibc | Not in release | Not in release | Not in release | Not in release |
| glibc | Ignored | Ignored | Ignored | Ignored |
| syslinux-legacy | Not in release | Not in release | Ignored | Ignored |
| dietlibc | Ignored | Ignored | Ignored | Ignored |
| sssd | Ignored | Ignored | Ignored | Ignored |
| syslinux | Ignored | Ignored | Ignored | Ignored |
| zabbix | Not in release | Ignored | Ignored | Ignored |
| uclibc | — | — | — | — |
Some fixes available 5 of 6
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to...
2 affected packages
eglibc, glibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eglibc | Not in release | Not in release | Not in release | Not in release |
| glibc | Not affected | Not affected | Fixed | Fixed |
Some fixes available 1 of 2
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
2 affected packages
eglibc, glibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eglibc | — | Not in release | Not in release | Not in release |
| glibc | — | Not affected | Not affected | Not affected |
Some fixes available 4 of 5
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow,...
2 affected packages
eglibc, glibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eglibc | Not in release | Not in release | Not in release | Not in release |
| glibc | Not affected | Not affected | Fixed | Fixed |
Some fixes available 4 of 5
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow,...
2 affected packages
eglibc, glibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eglibc | Not in release | Not in release | Not in release | Not in release |
| glibc | Not affected | Not affected | Fixed | Fixed |
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This...
2 affected packages
glibc, eglibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| glibc | — | Not affected | Not affected | Not affected |
| eglibc | — | Not in release | Not in release | Not in release |
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of...
2 affected packages
eglibc, glibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eglibc | — | Not in release | Not in release | Not in release |
| glibc | — | Not affected | Not affected | Not affected |
Some fixes available 3 of 6
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service...
2 affected packages
eglibc, glibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eglibc | Not in release | Not in release | Not in release | Not in release |
| glibc | Not affected | Not affected | Fixed | Fixed |
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by...
2 affected packages
eglibc, glibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eglibc | — | Not in release | Not in release | Not in release |
| glibc | — | Not affected | Ignored | Ignored |
Some fixes available 3 of 5
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state,...
2 affected packages
eglibc, glibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eglibc | Not in release | Not in release | Not in release | Not in release |
| glibc | Not affected | Not affected | Fixed | Fixed |