CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

GNU : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-43396 2021-11-04 2021-11-17
5.0
None Remote Low Not required None Partial None
** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug."
2 CVE-2021-38604 476 2021-08-12 2021-10-07
5.0
None Remote Low Not required None None Partial
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
3 CVE-2021-31879 601 2021-04-29 2021-06-18
5.8
None Remote Medium Not required Partial Partial None
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
4 CVE-2021-3549 119 Overflow Mem. Corr. 2021-05-26 2021-06-04
5.8
None Remote Medium Not required None Partial Partial
An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.
5 CVE-2021-3530 674 2021-06-02 2021-09-14
5.0
None Remote Low Not required None None Partial
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.
6 CVE-2021-3326 617 DoS 2021-01-27 2021-07-06
5.0
None Remote Low Not required None None Partial
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
7 CVE-2020-35494 908 2021-01-04 2021-07-10
5.8
None Remote Medium Not required Partial None Partial
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.
8 CVE-2020-29573 787 Overflow 2020-12-06 2021-01-26
5.0
None Remote Low Not required None None Partial
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.
9 CVE-2020-24659 787 2020-09-04 2020-10-26
5.0
None Remote Low Not required None None Partial
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
10 CVE-2020-18395 476 DoS 2021-05-28 2021-06-01
5.0
None Remote Low Not required None None Partial
A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs.
11 CVE-2020-13777 327 Bypass 2020-06-04 2020-06-19
5.8
None Remote Medium Not required Partial Partial None
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
12 CVE-2020-11501 327 2020-04-03 2021-07-21
5.8
None Remote Medium Not required Partial Partial None
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
13 CVE-2020-6614 125 2020-01-08 2020-01-23
5.8
None Remote Medium Not required Partial None Partial
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.
14 CVE-2020-6613 125 2020-01-08 2020-01-23
5.8
None Remote Medium Not required Partial None Partial
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
15 CVE-2020-6612 125 2020-01-08 2020-01-23
5.8
None Remote Medium Not required Partial None Partial
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.
16 CVE-2020-1751 787 DoS Exec Code 2020-04-17 2020-07-09
5.9
None Local Medium Not required Partial Partial Complete
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
17 CVE-2019-1010025 330 Bypass 2019-07-15 2020-11-16
5.0
None Remote Low Not required Partial None None
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."
18 CVE-2019-1010024 200 Bypass +Info 2019-07-15 2020-11-16
5.0
None Remote Low Not required Partial None None
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
19 CVE-2019-20915 125 2020-07-16 2020-07-22
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c.
20 CVE-2019-20913 125 2020-07-16 2020-07-22
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec.
21 CVE-2019-20910 125 2020-07-16 2020-07-22
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011.
22 CVE-2019-20909 476 2020-07-16 2020-07-22
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.
23 CVE-2019-17595 125 2019-10-14 2021-02-08
5.8
None Remote Medium Not required Partial None Partial
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
24 CVE-2019-16200 681 +Info 2019-11-20 2020-08-24
5.0
None Remote Low Not required Partial None None
GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read.
25 CVE-2019-15847 331 2019-09-02 2020-09-17
5.0
None Remote Low Not required Partial None None
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
26 CVE-2019-13636 59 2019-07-17 2019-07-24
5.8
None Remote Medium Not required None Partial Partial
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
27 CVE-2019-12290 20 2019-10-22 2019-10-29
5.0
None Remote Low Not required None Partial None
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.
28 CVE-2019-9923 476 2019-03-22 2021-06-29
5.0
None Remote Low Not required None None Partial
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
29 CVE-2019-9779 476 2019-03-14 2019-03-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).
30 CVE-2019-9778 125 2019-03-14 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.
31 CVE-2019-9777 125 2019-03-14 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec.
32 CVE-2019-9776 476 2019-03-14 2019-03-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).
33 CVE-2019-9773 787 Overflow 2019-03-14 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.
34 CVE-2019-9772 476 2019-03-14 2019-03-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.
35 CVE-2019-9771 476 2019-03-14 2019-03-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.
36 CVE-2019-9770 787 Overflow 2019-03-14 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension.
37 CVE-2019-9192 674 2019-02-26 2020-08-24
5.0
None Remote Low Not required None None Partial
** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.
38 CVE-2019-3836 824 2019-04-01 2019-05-30
5.0
None Remote Low Not required None None Partial
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
39 CVE-2019-3829 415 Mem. Corr. 2019-03-27 2019-05-30
5.0
None Remote Low Not required None None Partial
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
40 CVE-2018-20796 674 2019-02-26 2019-11-05
5.0
None Remote Low Not required None None Partial
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
41 CVE-2018-20657 772 DoS 2019-01-02 2019-11-06
5.0
None Remote Low Not required None None Partial
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.
42 CVE-2018-19591 20 2018-12-04 2020-07-09
5.0
None Remote Low Not required None None Partial
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.
43 CVE-2018-12934 770 2018-06-28 2020-04-21
5.0
None Remote Low Not required None None Partial
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.
44 CVE-2018-12700 835 2018-06-23 2019-10-03
5.0
None Remote Low Not required None None Partial
A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.
45 CVE-2018-12698 2018-06-23 2019-10-03
5.0
None Remote Low Not required None None Partial
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.
46 CVE-2018-12697 476 2018-06-23 2019-08-03
5.0
None Remote Low Not required None None Partial
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
47 CVE-2018-6952 415 2018-02-13 2019-04-17
5.0
None Remote Low Not required None None Partial
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
48 CVE-2018-6951 476 DoS 2018-02-13 2019-04-17
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.
49 CVE-2018-6003 674 2018-01-22 2021-06-29
5.0
None Remote Low Not required None None Partial
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
50 CVE-2017-15938 119 DoS Overflow 2017-10-27 2018-01-09
5.0
None Remote Low Not required None None Partial
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).
Total number of vulnerabilities : 206   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.