Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: locale

Found 3 matching suggestions

Permalink CVE-2023-5156
created 4 months, 3 weeks ago
Glibc: dos due to memory leak in getaddrinfo.c

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

Affected products

glibc
  • ==2.39
compat-glibc

Matching in nixpkgs

pkgs.libc

GNU C Library

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.glibcInfo

GNU Info manual of the GNU C Library

Package maintainers

Permalink CVE-2023-4813
created 4 months, 3 weeks ago
Glibc: potential use-after-free in gaih_inet()

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

Affected products

glibc
  • ==2.36
  • *
compat-glibc

Matching in nixpkgs

pkgs.libc

GNU C Library

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.glibcInfo

GNU Info manual of the GNU C Library

Package maintainers

Permalink CVE-2023-4911
created 4 months, 3 weeks ago
Glibc: buffer overflow in ld.so leading to privilege escalation

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Affected products

glibc
  • *
  • <2.39
compat-glibc
redhat-virtualization-host
  • *
redhat-release-virtualization-host
  • *

Matching in nixpkgs

pkgs.libc

GNU C Library

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.glibcInfo

GNU Info manual of the GNU C Library

Package maintainers