- glibc-2.28-251.el8 ()
- 2.28-251.el8_10.16
- 2025-04-21 14:00:10
- CVE CVE-2024-2961, CVSSv2 Score: 8.8
- Description:
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
- Patch: glibc/2.28/CVE-2024-2961-minor-version-189-or-higher.patch
- CVE CVE-2024-33599, CVSSv2 Score: 7.6
- Description:
nscd: Stack-based buffer overflow in netgroup cache
- Patch: glibc/2.28/CVE-2024-33599_RHEL-34264.patch
- CVE CVE-2024-33600, CVSSv2 Score: 5.3
- Description:
nscd: Null pointer crashes after notfound response
- Patch: glibc/2.28/CVE-2024-33600_RHEL-34267-1.patch
- CVE CVE-2024-33600, CVSSv2 Score: 5.3
- Description:
nscd: Null pointer crashes after notfound response
- Patch: glibc/2.28/CVE-2024-33600_RHEL-34267-2.patch
- CVE CVE-2024-33601 CVE-2024-33602, CVSSv2 Score: 4.0
- Description:
nscd: netgroup cache assumes NSS callback uses in-buffer strings
- Patch: glibc/2.28/CVE-2024-33601_33602_RHEL-34273.patch
- CVE CVE-2025-0395, CVSSv2 Score: 5.5
- Description:
A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the assert() function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.
- Patch: glibc/2.28/glibc-RHEL-83306-1.patch
- CVE CVE-2025-0395, CVSSv2 Score: 5.5
- Description:
A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the assert() function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.
- Patch: glibc/2.28/glibc-RHEL-83306-2.patch