Filtered by vendor Gnu
Subscribe
Search
Total
60 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3466 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Libmicrohttpd, Enterprise Linux | 2023-11-25 | 10.0 HIGH | 9.8 CRITICAL |
| A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable. | |||||
| CVE-2020-35357 | 1 Gnu | 1 Gnu Scientific Library | 2023-08-26 | N/A | 9.8 CRITICAL |
| A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-46848 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Libtasn1 | 2023-08-08 | N/A | 9.1 CRITICAL |
| GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. | |||||
| CVE-2022-48337 | 2 Debian, Gnu | 2 Debian Linux, Emacs | 2023-08-08 | N/A | 9.8 CRITICAL |
| GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. | |||||
| CVE-2022-28734 | 1 Gnu | 1 Grub2 | 2023-07-28 | N/A | 9.8 CRITICAL |
| Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata. | |||||
| CVE-2022-23218 | 1 Gnu | 1 Glibc | 2022-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | |||||
| CVE-2022-23219 | 1 Gnu | 1 Glibc | 2022-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | |||||
| CVE-2019-9169 | 4 Canonical, Gnu, Mcafee and 1 more | 6 Ubuntu Linux, Glibc, Web Gateway and 3 more | 2022-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. | |||||
| CVE-2019-9775 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-05-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec. | |||||
| CVE-2019-9774 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-05-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c. | |||||
| CVE-2021-26937 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Screen | 2022-05-06 | 7.5 HIGH | 9.8 CRITICAL |
| encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. | |||||
| CVE-2021-33574 | 3 Fedoraproject, Gnu, Netapp | 19 Fedora, Glibc, Cloud Backup and 16 more | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. | |||||
| CVE-2020-9366 | 1 Gnu | 1 Screen | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact. | |||||
| CVE-2021-28237 | 1 Gnu | 1 Libredwg | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. | |||||
| CVE-2014-6271 | 1 Gnu | 1 Bash | 2021-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. | |||||
| CVE-2021-35942 | 2 Gnu, Netapp | 6 Glibc, Active Iq Unified Manager, E-series Santricity Os Controller and 3 more | 2021-09-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. | |||||
| CVE-2019-17544 | 2 Canonical, Gnu | 2 Ubuntu Linux, Aspell | 2021-08-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. | |||||
| CVE-2017-10684 | 1 Gnu | 1 Ncurses | 2021-06-29 | 7.5 HIGH | 9.8 CRITICAL |
| In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | |||||
| CVE-2019-1010022 | 1 Gnu | 1 Glibc | 2021-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat." | |||||
| CVE-2021-20231 | 4 Fedoraproject, Gnu, Netapp and 1 more | 5 Fedora, Gnutls, Active Iq Unified Manager and 2 more | 2021-06-01 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. | |||||
| CVE-2021-20232 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Gnutls, Enterprise Linux | 2021-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. | |||||
| CVE-2017-14062 | 2 Debian, Gnu | 2 Debian Linux, Libidn2 | 2020-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | |||||
| CVE-1999-0199 | 1 Gnu | 1 Glibc | 2020-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999. | |||||
| CVE-2018-18751 | 3 Canonical, Gnu, Redhat | 3 Ubuntu Linux, Gettext, Enterprise Linux | 2020-09-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. | |||||
| CVE-2019-5953 | 1 Gnu | 1 Wget | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. | |||||
| CVE-2018-6551 | 1 Gnu | 1 Glibc | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. | |||||
| CVE-2018-6485 | 4 Gnu, Netapp, Oracle and 1 more | 15 Glibc, Cloud Backup, Data Ontap Edge and 12 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. | |||||
| CVE-2018-11236 | 4 Gnu, Netapp, Oracle and 1 more | 9 Glibc, Data Ontap Edge, Element Software Management and 6 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. | |||||
| CVE-2019-20914 | 1 Gnu | 1 Libredwg | 2020-07-22 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec. | |||||
| CVE-2017-18269 | 2 Gnu, Linux | 2 Glibc, Linux Kernel | 2020-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution. | |||||
| CVE-2017-9109 | 2 Gnu, Opensuse | 2 Adns, Leap | 2020-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct. | |||||
| CVE-2017-9104 | 2 Gnu, Opensuse | 2 Adns, Leap | 2020-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered. | |||||
| CVE-2017-9103 | 2 Gnu, Opensuse | 2 Adns, Leap | 2020-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records. | |||||
| CVE-2015-8972 | 1 Gnu | 1 Chess | 2020-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode. | |||||
| CVE-2015-4042 | 1 Gnu | 1 Coreutils | 2020-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings. | |||||
| CVE-2019-20433 | 1 Gnu | 1 Aspell | 2020-01-31 | 6.4 MEDIUM | 9.1 CRITICAL |
| libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable. | |||||
| CVE-2012-0824 | 1 Gnu | 1 Gnusound | 2019-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| gnusound 0.7.5 has format string issue | |||||
| CVE-2019-18224 | 1 Gnu | 1 Libidn2 | 2019-10-29 | 7.5 HIGH | 9.8 CRITICAL |
| idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. | |||||
| CVE-2017-14061 | 1 Gnu | 1 Libidn2 | 2019-10-21 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | |||||
| CVE-2017-10685 | 1 Gnu | 1 Ncurses | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | |||||
| CVE-2017-7226 | 1 Gnu | 1 Binutils | 2019-10-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well. | |||||
| CVE-2017-6969 | 1 Gnu | 1 Binutils | 2019-10-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well. | |||||
| CVE-2018-12699 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2019-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. | |||||
| CVE-2014-9984 | 1 Gnu | 1 Glibc | 2019-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. | |||||
| CVE-2014-9761 | 5 Canonical, Fedoraproject, Gnu and 2 more | 9 Ubuntu Linux, Fedora, Glibc and 6 more | 2019-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. | |||||
| CVE-2005-3590 | 1 Gnu | 1 Glibc | 2019-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory. | |||||
| CVE-2017-18201 | 1 Gnu | 1 Libcdio | 2018-10-31 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. | |||||
| CVE-2017-5334 | 2 Gnu, Opensuse | 2 Gnutls, Leap | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. | |||||
| CVE-2017-5336 | 2 Gnu, Opensuse | 2 Gnutls, Leap | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. | |||||
| CVE-2017-5337 | 2 Gnu, Opensuse | 2 Gnutls, Leap | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. | |||||