• glibc-2.28-127.el8 ()
  • 2.28-251.el8_10.16
  • 2025-04-21 14:00:10
  • CVE CVE-2023-4813, CVSSv2 Score: 5.9
  • Description:

    A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

  • Patch: glibc/2.28/glibc-RHEL-2434.patch
  • CVE CVE-2023-4806, CVSSv2 Score: 5.9
  • Description:

    A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nss_gethostbyname2_r and nss_getcanonname_r hooks without implementing the nss*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

  • Patch: glibc/2.28/glibc-RHEL-2422.patch
  • CVE CVE-2024-2961, CVSSv2 Score: 8.8
  • Description:

    The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

  • Patch: glibc/2.28/CVE-2024-2961.patch
  • CVE CVE-2025-0395, CVSSv2 Score: 5.5
  • Description:

    A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the assert() function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.

  • Patch: glibc/2.28/glibc-RHEL-83306-1.patch