Uclibc-ng_project Uclibc-ng
7 CVEs affecting Uclibc-ng_project Uclibc-ng. Latest disclosed: 2022-09-29. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-29503 | Critical | 9.8 | 2022-09-29 | A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to me… |
CVE-2021-43523 | Critical | 9.6 | 2021-11-10 | In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethost… |
CVE-2016-2225 | High | 7.5 | 2017-03-24 | The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a c… |
CVE-2016-2224 | High | 7.5 | 2017-03-24 | The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vector… |
CVE-2016-6264 | High | 7.5 | 2017-01-27 | Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service (cra… |
CVE-2021-27419 | High | 7.3 | 2022-05-03 | uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memo… |
CVE-2022-30295 | Medium | 6.5 | 2022-05-06 | uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a… |