- glibc_2.28-10+deb10u2
- 2.28-10+deb10u4
- 2024-10-16 12:30:09
- CVE CVE-2024-2961, CVSSv2 Score: 8.8
- Description:
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
- Patch: glibc/2.28/git-0001-iconv-ISO-2022-CN-EXT-fix-out-of-bound-writes-when-w.patch
- CVE CVE-2024-33599, CVSSv2 Score: 7.6
- Description:
nscd: Stack-based buffer overflow in netgroup cache
- Patch: glibc/2.28/git-0001-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch
- CVE CVE-2024-33600, CVSSv2 Score: 5.3
- Description:
nscd: Null pointer crashes after notfound response
- Patch: glibc/2.28/git-0002-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch
- CVE CVE-2024-33600, CVSSv2 Score: 5.3
- Description:
nscd: Null pointer crashes after notfound response
- Patch: glibc/2.28/git-0003-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch
- CVE CVE-2024-33601 CVE-2024-33602, CVSSv2 Score: 8.6
- Description:
nscd: netgroup cache assumes NSS callback uses in-buffer strings
- Patch: glibc/2.28/git-0004-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two-.patch
- CVE CVE-2024-33601 CVE-2024-33602, CVSSv2 Score: 8.6
- Description:
nscd: netgroup cache assumes NSS callback uses in-buffer strings
- Patch: glibc/2.28/git-0005-nscd-Use-time_t-for-return-type-of-addgetnetgrentX.patch