GNU glibc 2.36.9000

CPE Details

2025-03-05 12h53 +00:00

CPE Name: cpe:2.3:a:gnu:glibc:2.36.9000:*:*:*:*:*:*:*

Information

Vendor: gnu
Product: glibc
Version: 2.36.9000

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2023-6246 | 2024-01-31 14h06 +00:00 | A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. | 8.4 | High |
| CVE-2023-4911 | 2023-10-03 17h25 +00:00 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | 7.8 | High |
| CVE-2023-5156 | 2023-09-25 15h55 +00:00 | A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. | 7.5 | High |
| CVE-2023-4527 | 2023-09-18 16h32 +00:00 | A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. | 6.5 | Medium |
| CVE-2023-0687 | 2023-02-05 23h00 +00:00 | A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled. | 9.8 | Critical |
| CVE-2013-4412 | 2019-11-04 11h44 +00:00 | slim has NULL pointer dereference when using crypt() method from glibc 2.17 | 7.5 | High |
| CVE-2010-4756 | 2011-03-02 18h00 +00:00 | The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. | 4 | |