• glibc_2.23-0ubuntu10 (ubuntu-xenial)
  • 2.23-0ubuntu11.3
  • 2022-04-14 16:59:16
  • CVE CVE-2017-12133, CVSSv2 Score: 3.7
  • Description:

    Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.

  • Patch: glibc/2.23/CVE-2017-12133.patch
  • CVE CVE-2017-18269, CVSSv2 Score: 7.3
  • Description:

    An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the sourc$

  • Patch: glibc/2.23/CVE-2017-18269.patch
  • CVE CVE-2018-11236, CVSSv2 Score: 7.8
  • Description:

    stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-$

  • Patch: glibc/2.23/CVE-2018-11236.patch
  • CVE CVE-2018-11237, CVSSv2 Score: 5.6
  • Description:

    A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code

  • Patch: glibc/2.23/CVE-2018-11237.patch
  • CVE CVE-2018-6485, CVSSv2 Score: 5.3
  • Description:

    An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption

  • Patch: glibc/2.23/CVE-2018-6485.patch
  • CVE CVE-2019-9169, CVSSv2 Score: 6.5
  • Description:

    In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

  • Patch: glibc/2.23/CVE-2019-9169.patch
  • CVE CVE-2020-10029, CVSSv2 Score: 5.7
  • Description:

    A flaw was found in glibc in versions prior to 2.32. Pseudo-zero values are not validated causing a stack corruption due to a stack-based overflow. The highest threat from this vulnerability is to system availability.

  • Patch: glibc/2.23/CVE-2020-10029.patch
  • CVE CVE-2020-1751, CVSSv2 Score: 7.0
  • Description:

    An out-of-bounds write vulnerability was found in glibc when handling signal trampolines on PowerPC. The backtrace function did not properly check the array bounds when storing the frame address resulting in a denial of service or po$

  • Patch: glibc/2.23/CVE-2020-1751.patch
  • CVE CVE-2021-3999, CVSSv2 Score: 7.4
  • Description:

    An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1.

  • Patch: glibc/2.23/CVE-2021-3999.patch
  • CVE CVE-2022-23218, CVSSv2 Score: 7.0
  • Description:

    A stack based buffer-overflow vulnerability was found in the deprecated compatibility function svcunix_create() in the sunrpc's svc_unix.c module of the GNU C Library (aka glibc) through 2.34

  • Patch: glibc/2.23/CVE-2022-23218-pre1.patch
  • CVE CVE-2022-23218, CVSSv2 Score: 7.0
  • Description:

    A stack based buffer-overflow vulnerability was found in the deprecated compatibility function svcunix_create() in the sunrpc's svc_unix.c module of the GNU C Library (aka glibc) through 2.34

  • Patch: glibc/2.23/CVE-2022-23218.patch
  • CVE CVE-2022-23219, CVSSv2 Score: 7.0
  • Description:

    A stack based buffer-overflow vulnerability was found in the deprecated compatibility function clnt_create() in the sunrpc's clnt_gen.c module

  • Patch: glibc/2.23/CVE-2022-23219.patch