Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DLA-165-1
HistoryMar 06, 2015 - 12:00 a.m.

eglibc - security update

2015-03-0600:00:00
Google
osv.dev
31

EPSS

0.16

Percentile

96.1%

JSON

Several vulnerabilities have been fixed in eglibc, Debian’s version of
the GNU C library.

  • #553206,
    CVE-2015-1472,
    CVE-2015-1473
    The scanf family of functions do not properly limit stack
    allocation, which allows context-dependent attackers to cause a
    denial of service (crash) or possibly execute arbitrary code.

  • CVE-2012-3405
    The printf family of functions do not properly calculate a buffer
    length, which allows context-dependent attackers to bypass the
    FORTIFY_SOURCE format-string protection mechanism and cause a
    denial of service.

  • CVE-2012-3406
    The printf family of functions do not properly limit stack
    allocation, which allows context-dependent attackers to bypass the
    FORTIFY_SOURCE format-string protection mechanism and cause a
    denial of service (crash) or possibly execute arbitrary code via a
    crafted format string.

  • CVE-2012-3480
    Multiple integer overflows in the strtod, strtof, strtold,
    strtod_l, and other related functions allow local users to cause a
    denial of service (application crash) and possibly execute
    arbitrary code via a long string, which triggers a stack-based
    buffer overflow.

  • CVE-2012-4412
    Integer overflow in the strcoll and wcscoll functions allows
    context-dependent attackers to cause a denial of service (crash)
    or possibly execute arbitrary code via a long string, which
    triggers a heap-based buffer overflow.

  • CVE-2012-4424
    Stack-based buffer overflow in the strcoll and wcscoll functions
    allows context-dependent attackers to cause a denial of service
    (crash) or possibly execute arbitrary code via a long string that
    triggers a malloc failure and use of the alloca function.

  • CVE-2013-0242
    Buffer overflow in the extend_buffers function in the regular
    expression matcher allows context-dependent attackers to cause a
    denial of service (memory corruption and crash) via crafted
    multibyte characters.

  • CVE-2013-1914,
    CVE-2013-4458
    Stack-based buffer overflow in the getaddrinfo function allows
    remote attackers to cause a denial of service (crash) via a
    hostname or IP address that triggers a large number of domain
    conversion results.

  • CVE-2013-4237
    readdir_r allows context-dependent attackers to cause a denial of
    service (out-of-bounds write and crash) or possibly execute
    arbitrary code via a malicious NTFS image or CIFS service.

  • CVE-2013-4332
    Multiple integer overflows in malloc/malloc.c allow
    context-dependent attackers to cause a denial of service (heap
    corruption) via a large value to the pvalloc, valloc,
    posix_memalign, memalign, or aligned_alloc functions.

  • CVE-2013-4357
    The getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname,
    getservbyname_r, getservbyport, getservbyport_r, and glob
    functions do not properly limit stack allocation, which allows
    context-dependent attackers to cause a denial of service (crash)
    or possibly execute arbitrary code.

  • CVE-2013-4788
    When the GNU C library is statically linked into an executable,
    the PTR_MANGLE implementation does not initialize the random value
    for the pointer guard, so that various hardening mechanisms are not
    effective.

  • CVE-2013-7423
    The send_dg function in resolv/res_send.c does not properly reuse
    file descriptors, which allows remote attackers to send DNS
    queries to unintended locations via a large number of requests that
    trigger a call to the getaddrinfo function.

  • CVE-2013-7424
    The getaddrinfo function may attempt to free an invalid pointer
    when handling IDNs (Internationalised Domain Names), which allows
    remote attackers to cause a denial of service (crash) or possibly
    execute arbitrary code.

  • CVE-2014-4043
    The posix_spawn_file_actions_addopen function does not copy its
    path argument in accordance with the POSIX specification, which
    allows context-dependent attackers to trigger use-after-free
    vulnerabilities.

For the oldstable distribution (squeeze), these problems have been fixed
in version 2.11.3-4+deb6u5.

For the stable distribution (wheezy), these problems were fixed in
version 2.13-38+deb7u8 or earlier.

Related

debian 3
openvas 59
nessus 63
altlinux 3
ubuntu 7
securityvulns 6
gentoo 1
mageia 3
suse 3
fedora 6
osv 3
slackware 1
redhat 6
amazon 3
oraclelinux 4
centos 5
prion 2
cve 2
cvelist 2
debiancve 2
nvd 2
ibm 3
veracode 2
ubuntucve 3
archlinux 1
f5 4
debian
debian
[SECURITY] [DLA 165-1] eglibc security update
2015-03-06 15:39:53
[SECURITY] [DSA 3169-1] eglibc security update
2015-02-23 06:08:58
[SECURITY] [DLA 350-1] eglibc security update
2015-11-26 17:49:39
openvas
openvas
Debian: Security Advisory (DLA-165-1)
2023-03-08 00:00:00
Ubuntu Update for eglibc USN-1991-1
2013-10-29 00:00:00
Ubuntu: Security Advisory (USN-1991-1)
2013-10-29 00:00:00
nessus
nessus
Debian DLA-165-1 : eglibc security update
2015-03-26 00:00:00
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : eglibc vulnerabilities (USN-1991-1)
2013-10-22 00:00:00
SuSE 11.2 Security Update : glibc (SAT Patch Number 8335)
2013-12-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package glibc version 6:2.17-alt6
2014-01-11 00:00:00
Security fix for the ALT Linux 7 package glibc version 6:2.17-alt6
2014-01-11 00:00:00
Security fix for the ALT Linux 6 package glibc version 6:2.11.3-alt8.M60P.3
2015-12-23 00:00:00
ubuntu
ubuntu
GNU C Library vulnerabilities
2013-10-21 00:00:00
GNU C Library regression
2014-09-08 00:00:00
GNU C Library regression
2012-12-17 00:00:00
securityvulns
securityvulns
[ MDVSA-2013:284 ] glibc
2013-12-01 00:00:00
glibc security vulnerabilities
2013-12-01 00:00:00
GNU glibc multiple security vulnerabilities
2015-03-07 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2015-03-08 00:00:00
mageia
mageia
Updated glibc package fixes security vulnerabilities
2013-11-22 22:44:49
Updated glibc packages fix security vulnerabilities
2015-05-06 18:16:01
Updated glibc packages fix security vulnerabilities
2015-02-17 21:38:13
suse
suse
Security update for glibc (important)
2014-09-12 06:04:16
Security update for glibc (important)
2014-09-15 19:04:18
Security update for glibc (important)
2014-09-12 02:04:23
fedora
fedora
[SECURITY] Fedora 19 Update: glibc-2.17-18.fc19
2013-09-28 00:07:09
[SECURITY] Fedora 19 Update: glibc-2.17-13.fc19
2013-08-22 00:50:09
[SECURITY] Fedora 19 Update: glibc-2.17-21.fc19
2014-10-19 13:24:18
osv
osv
eglibc - security update
2015-02-23 00:00:00
eglibc - security update
2015-11-26 00:00:00
glibc-2.24-2.3 on GA media
2024-06-15 00:00:00
slackware
slackware
[slackware-security] glibc
2014-10-24 05:36:04
redhat
redhat
(RHSA-2013:1605) Moderate: glibc security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2015:2199) Moderate: glibc security, bug fix, and enhancement update
2015-11-19 14:39:58
(RHSA-2014:1391) Moderate: glibc security, bug fix, and enhancement update
2014-10-14 00:00:00
amazon
amazon
Medium: glibc
2013-12-17 21:39:00
Important: glibc
2015-12-14 10:00:00
Medium: glibc
2012-07-25 17:56:00
oraclelinux
oraclelinux
glibc security, bug fix, and enhancement update
2013-11-25 00:00:00
glibc security, bug fix, and enhancement update
2015-11-24 00:00:00
glibc security and bug fix update
2013-04-24 00:00:00
centos
centos
glibc, nscd security update
2013-11-26 13:31:38
glibc, nscd security update
2015-11-30 19:30:07
glibc, nscd security update
2014-10-20 18:08:56
prion
prion
Stack overflow
2013-12-12 18:55:00
Format string
2014-02-10 18:15:00
cve
cve
CVE-2013-4458
2013-12-12 18:55:10
CVE-2012-3406
2014-02-10 18:15:10
cvelist
cvelist
CVE-2013-4458
2013-12-12 18:00:00
CVE-2012-3406
2014-02-10 17:00:00
debiancve
debiancve
CVE-2013-4458
2013-12-12 18:55:10
CVE-2012-3406
2014-02-10 18:15:10
nvd
nvd
CVE-2013-4458
2013-12-12 18:55:10
CVE-2012-3406
2014-02-10 18:15:10
ibm
ibm
Security Bulletin: Vulnerabilities in glibc could lead to a local or remote buffer overflow in IBM SOA Policy Gateway Pattern for Red Hat Enterprise Linux Server . (CVE-2015-1472, CVE-2013-7423)
2018-06-15 07:02:48
Security Bulletin: Multiple vulnerabilities in the GNU C Library (glibc) affect PowerKVM
2018-06-18 01:30:38
Security Bulletin: Multiple vulnerabilities in glibc affect IBM Flex System Manager(FSM) (CVE-2013-7423, CVE-2014-7817, CVE-2014-9402, CVE-2015-1472)
2019-01-31 01:45:01
veracode
veracode
Stack-based Buffer Overflow
2019-05-02 04:44:45
Remote Code Execution (RCE)
2019-01-15 08:54:39
ubuntucve
ubuntucve
CVE-2015-1473
2015-02-05 00:00:00
CVE-2012-3406
2012-07-13 00:00:00
CVE-2013-4458
2013-12-12 00:00:00
archlinux
archlinux
glibc: multiple issues
2015-02-09 00:00:00
f5
f5
SOL16364 - GNU C Library (glibc) vulnerability CVE-2012-3406
2015-04-03 00:00:00
K16364 : GNU C Library (glibc) vulnerability CVE-2012-3406
2015-07-23 00:00:00
K15640 : GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458
2014-10-02 00:00:00

EPSS

0.16

Percentile

96.1%

JSON
Related for OSV:DLA-165-1
debian3openvas59nessus63altlinux3ubuntu7securityvulns6gentoo1mageia3suse3fedora6osv3slackware1redhat6amazon3oraclelinux4centos5prion2cve2cvelist2debiancve2nvd2ibm3veracode2ubuntucve3archlinux1f54