Gnu Glibc
93 CVEs affecting Gnu Glibc. Latest disclosed: 2026-04-28. Critical: 7, High: 22.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-15804 | Critical | 9.8 | 2017-10-22 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operato… |
| CVE-2017-15670 | Critical | 9.8 | 2017-10-20 | The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related… |
| CVE-2014-9984 | Critical | 9.8 | 2017-06-12 | nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests… |
| CVE-2015-8779 | Critical | 9.8 | 2016-04-19 | Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial… |
| CVE-2015-8778 | Critical | 9.8 | 2016-04-19 | Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or p… |
| CVE-2014-9761 | Critical | 9.8 | 2016-04-19 | Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (app… |
| CVE-2015-8776 | Critical | 9.1 | 2016-04-19 | The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash)… |
| CVE-2023-6246 | High | 8.4 | 2024-01-31 | A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. Th… |
| CVE-2016-2856 | High | 8.4 | 2016-03-14 | pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8… |
| CVE-2023-6779 | High | 8.2 | 2024-01-31 | An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog f… |
| CVE-2024-33599 | High | 8.1 | 2024-05-06 | nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subseque… |
| CVE-2017-17426 | High | 8.1 | 2017-12-05 | The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object wh… |
| CVE-2015-8983 | High | 8.1 | 2017-03-20 | Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers… |
| CVE-2015-8982 | High | 8.1 | 2017-03-15 | Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service… |
| CVE-2015-7547 | High | 8.1 | 2016-02-18 | Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2… |
| CVE-2023-4911 | High | 7.8 | 2023-10-03 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a… |
| CVE-2017-16997 | High | 7.8 | 2017-12-18 | elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE… |
| CVE-2017-1000366 | High | 7.8 | 2017-06-19 | glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting… |
| CVE-2015-5180 | High | 7.5 | 2017-06-27 | res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). |
| CVE-2017-8804 | High | 7.5 | 2017-05-07 | The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attacke… |