Information on source package glibc

Available versions

| Release | Version |
|---|---|
| jessie (security) | 2.19-18+deb8u10 |
| stretch (security) | 2.24-11+deb9u1 |
| buster | 2.24-14 |
| sid | 2.24-14 |

Open issues

| Bug | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|
| CVE-2017-8804 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc ... |
| CVE-2017-12133 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Use-after-free in error path in clntudp_call |
| CVE-2017-12132 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | The DNS stub resolver in the GNU C Library (aka glibc or libc6) before ... |
| CVE-2016-10228 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and ... |
| CVE-2015-5180 | vulnerable (no DSA) | fixed | fixed | fixed | res_query in libresolv in glibc before 2.25 allows remote attackers to ... |
| CVE-2014-9761 | vulnerable (no DSA) | fixed | fixed | fixed | Multiple stack-based buffer overflows in the GNU C Library (aka glibc ... |

Open unimportant issues

| Bug | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|
| CVE-2015-8985 | vulnerable | vulnerable | vulnerable | vulnerable | The pop_fail_stack function in the GNU C Library (aka glibc or libc6) ... |
| CVE-2010-4756 | vulnerable | vulnerable | vulnerable | vulnerable | The glob implementation in the GNU C Library (aka glibc or libc6) ... |
| CVE-2010-4052 | vulnerable | vulnerable | vulnerable | vulnerable | Stack consumption vulnerability in the regcomp implementation in the ... |
| CVE-2010-4051 | vulnerable | vulnerable | vulnerable | vulnerable | The regcomp implementation in the GNU C Library (aka glibc or libc6) ... |

Resolved issues

| Bug | Description |
|---|---|
| TEMP-0552518-ADA4BA | eglibc: ldd arbitrary code execution |
| CVE-2017-1000366 | glibc contains a vulnerability that allows specially crafted ... |
| CVE-2016-6323 | The makecontext function in the GNU C Library (aka glibc or libc6) ... |
| CVE-2016-5417 | Memory leak in the __res_vinit function in the IPv6 name server ... |
| CVE-2016-4429 | Stack-based buffer overflow in the clntudp_call function in ... |
| CVE-2016-3706 | Stack-based buffer overflow in the getaddrinfo function in ... |
| CVE-2016-3075 | Stack-based buffer overflow in the nss_dns implementation of the ... |
| CVE-2016-2856 | pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; ... |
| CVE-2016-1234 | Stack-based buffer overflow in the glob implementation in GNU C ... |
| CVE-2015-8984 | The fnmatch function in the GNU C Library (aka glibc or libc6) before ... |
| CVE-2015-8983 | Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c ... |
| CVE-2015-8982 | Integer overflow in the strxfrm function in the GNU C Library (aka ... |
| CVE-2015-8779 | Stack-based buffer overflow in the catopen function in the GNU C ... |
| CVE-2015-8778 | Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 ... |
| CVE-2015-8777 | The process_envvars function in elf/rtld.c in the GNU C Library (aka ... |
| CVE-2015-8776 | The strftime function in the GNU C Library (aka glibc or libc6) before ... |
| CVE-2015-7547 | Multiple stack-based buffer overflows in the (1) send_dg and (2) ... |
| CVE-2015-5277 | The get_contents function in nss_files/files-XXX.c in the Name Service ... |
| CVE-2015-5229 | The calloc function in the glibc package in Red Hat Enterprise Linux ... |
| CVE-2015-1781 | Buffer overflow in the gethostbyname_r and other unspecified NSS ... |
| CVE-2015-1473 | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka ... |
| CVE-2015-1472 | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka ... |
| CVE-2015-0235 | Heap-based buffer overflow in the __nss_hostname_digits_dots function ... |
| CVE-2014-9984 | nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does ... |
| CVE-2014-9402 | The nss_dns implementation of getnetbyname in GNU C Library (aka ... |
| CVE-2014-8121 | DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in ... |
| CVE-2014-7817 | The wordexp function in GNU C Library (aka glibc) 2.21 does not ... |
| CVE-2014-6040 | GNU C Library (aka glibc) before 2.20 allows context-dependent ... |
| CVE-2014-5119 | Off-by-one error in the __gconv_translit_find function in ... |
| CVE-2014-4043 | The posix_spawn_file_actions_addopen function in glibc before 2.20 ... |
| CVE-2014-0475 | Multiple directory traversal vulnerabilities in GNU C Library (aka ... |
| CVE-2013-7424 | The getaddrinfo function in glibc before 2.15, when compiled with ... |
| CVE-2013-7423 | The send_dg function in resolv/res_send.c in GNU C Library (aka glibc ... |
| CVE-2013-4788 | The PTR_MANGLE implementation in the GNU C Library (aka glibc or ... |
| CVE-2013-4458 | Stack-based buffer overflow in the getaddrinfo function in ... |
| CVE-2013-4332 | Multiple integer overflows in malloc/malloc.c in the GNU C Library ... |
| CVE-2013-4237 | sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) ... |
| CVE-2013-2207 | pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not ... |
| CVE-2013-1914 | Stack-based buffer overflow in the getaddrinfo function in ... |
| CVE-2013-0242 | Buffer overflow in the extend_buffers function in the regular ... |
| CVE-2012-6656 | iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows ... |
| CVE-2012-4424 | Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library ... |
| CVE-2012-4412 | Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc ... |
| CVE-2012-3480 | Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, ... |
| CVE-2012-3406 | The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka ... |
| CVE-2012-3405 | The vfprintf function in stdio-common/vfprintf.c in libc in GNU C ... |
| CVE-2012-3404 | The vfprintf function in stdio-common/vfprintf.c in libc in GNU C ... |
| CVE-2011-5320 | glibc scanf implementation crashes on certain inputs |
| CVE-2011-2702 | Integer signedness error in Glibc before 2.13 and eglibc before 2.13, ... |
| CVE-2011-1659 | Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or ... |
| CVE-2011-1095 | locale/programs/locale.c in locale in the GNU C Library (aka glibc or ... |
| CVE-2011-1089 | The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 ... |
| CVE-2011-1071 | The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded ... |
| CVE-2011-0536 | Multiple untrusted search path vulnerabilities in elf/dl-object.c in ... |
| CVE-2010-3856 | ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and ... |
| CVE-2010-3847 | elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) ... |
| CVE-2010-0830 | Integer signedness error in the elf_get_dynamic_info function in ... |
| CVE-2010-0296 | The encode_name macro in misc/mntent_r.c in the GNU C Library (aka ... |
| CVE-2010-0015 | nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 ... |
| CVE-2009-5064 | ** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and ... |
| CVE-2009-5029 | Integer overflow in the __tzfile_read function in glibc before 2.15 ... |
| CVE-2009-4881 | Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in ... |
| CVE-2009-4880 | Multiple integer overflows in the strfmon implementation in the GNU C ... |
| CVE-2009-0537 | Integer overflow in the fts_build function in fts.c in libc in (1) ... |
| CVE-2008-1391 | Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, ... |
| CVE-2008-1367 | gcc 4.3.x does not generate a cld instruction while compiling ... |
| CVE-2008-0122 | Off-by-one error in the inet_network function in libbind in ISC BIND ... |
| CVE-2007-4840 | PHP 5.2.4 and earlier allows context-dependent attackers to cause a ... |
| CVE-2007-3508 | ** DISPUTED ** ... |
| CVE-2005-0403 | init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat ... |
| CVE-2004-1453 | GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, ... |
| CVE-2004-1382 | The glibcbug script in glibc 2.3.4 and earlier allows local users to ... |
| CVE-2004-0968 | The catchsegv script in glibc 2.3.2 and earlier allows local users to ... |
| CVE-2003-0689 | The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ... |
| CVE-2003-0028 | Integer overflow in the xdrmem_getbytes() function, and possibly other ... |
| CVE-2002-1146 | The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries ... |
| CVE-2002-0684 | Buffer overflow in DNS resolver functions that perform lookup of ... |
| CVE-2002-0651 | Buffer overflow in the DNS resolver code used in libc, glibc, and ... |
| CVE-2002-0391 | Integer overflow in xdr_array function in RPC servers for operating ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DSA-3887-1 | glibc - security update |
| DSA-3887-1 | glibc - security update |
| DSA-3481-1 | glibc - security update |
| DSA-2122-2 | glibc - privilege escalation |
| DSA-2122-1 | glibc - local privilege escalation |
| DSA-2058-1 | glibc - several vulnerabilities |
| DSA-1973-1 | glibc - information disclosure |
| DSA-1973-1 | glibc - information disclosure |
| DSA-636-1 | glibc - insecure temporary files |
| DSA-282 | glibc - integer overflow |
| DSA-149 | glibc - integer overflow |
