**DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
Max CVSS: 4.8 | EPSS Score: 0.05% | Published: 2023-09-13 | Updated: 2024-02-19
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
Max CVSS: 4.3 | EPSS Score: 0.35% | Published: 2021-10-21 | Updated: 2021-11-05
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited, as an attacker needs to perform some triage over the heap layout to achieve significant results; also, the values written into the memory are repeated three times in a row, making it difficult to produce valid payloads. This flaw affects grub2 versions prior to grub-2.12.
Max CVSS: 4.5 | EPSS Score: 0.05% | Published: 2022-07-06 | Updated: 2023-09-13
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.
Max CVSS: 4.3 | EPSS Score: 0.10% | Published: 2020-12-27 | Updated: 2022-04-26
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
Max CVSS: 4.8 | EPSS Score: 0.25% | Published: 2020-12-04 | Updated: 2021-03-19
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
Max CVSS: 4.3 | EPSS Score: 0.63% | Published: 2020-06-24 | Updated: 2021-11-30
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).
Max CVSS: 4.7 | EPSS Score: 0.04% | Published: 2018-12-26 | Updated: 2021-11-30
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Max CVSS: 4.7 | EPSS Score: 0.04% | Published: 2018-01-04 | Updated: 2018-01-19
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
Max CVSS: 4.0 | EPSS Score: 0.16% | Published: 2017-07-26 | Updated: 2018-04-12
Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.
Max CVSS: 4.4 | EPSS Score: 0.16% | Published: 2017-02-24 | Updated: 2017-07-28
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
Max CVSS: 4.3 | EPSS Score: 92.39% | Published: 2015-05-12 | Updated: 2018-10-30
fts.c in coreutils 8.4 allows local users to delete arbitrary files.
Max CVSS: 4.7 | EPSS Score: 0.04% | Published: 2017-09-20 | Updated: 2017-09-27
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
Max CVSS: 4.3 | EPSS Score: 0.30% | Published: 2015-01-21 | Updated: 2018-10-30
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
Max CVSS: 4.3 | EPSS Score: 0.12% | Published: 2015-08-14 | Updated: 2023-02-13
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
Max CVSS: 4.6 | EPSS Score: 0.06% | Published: 2014-11-24 | Updated: 2023-02-13
GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2014-05-08 | Updated: 2014-05-09
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.
Max CVSS: 4.3 | EPSS Score: 0.24% | Published: 2013-10-09 | Updated: 2023-02-13
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Max CVSS: 4.0 | EPSS Score: 0.45% | Published: 2013-02-08 | Updated: 2014-03-26
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
Max CVSS: 4.4 | EPSS Score: 0.73% | Published: 2013-01-03 | Updated: 2016-12-24
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2012-08-25 | Updated: 2023-02-13
Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2012-08-27 | Updated: 2017-08-29
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
Max CVSS: 4.4 | EPSS Score: 0.04% | Published: 2012-08-07 | Updated: 2023-02-13
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.
Max CVSS: 4.3 | EPSS Score: 0.23% | Published: 2012-01-06 | Updated: 2014-03-26
Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter.
Max CVSS: 4.3 | EPSS Score: 0.10% | Published: 2011-12-29 | Updated: 2013-01-03
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.
Max CVSS: 4.3 | EPSS Score: 0.31% | Published: 2011-12-08 | Updated: 2017-12-29
63 vulnerabilities found