Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: tests.hardeningFlags.glibcxxassertionsStdenvUnsupp

Found 13 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2023-5156
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months, 1 week ago
Glibc: dos due to memory leak in getaddrinfo.c

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

References

Affected products

glibc
  • ==2.39
compat-glibc

Matching in nixpkgs

pkgs.libc

GNU C Library

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.glibcInfo

GNU Info manual of the GNU C Library

Package maintainers

Untriaged
Permalink CVE-2023-4813
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months, 1 week ago
Glibc: potential use-after-free in gaih_inet()

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

References

Affected products

glibc
  • *
  • ==2.36
compat-glibc

Matching in nixpkgs

pkgs.libc

GNU C Library

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.glibcInfo

GNU Info manual of the GNU C Library

Package maintainers

Untriaged
Permalink CVE-2023-4911
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months, 1 week ago
Glibc: buffer overflow in ld.so leading to privilege escalation

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

References

Affected products

glibc
  • <2.39
  • *
compat-glibc
redhat-virtualization-host
  • *
redhat-release-virtualization-host
  • *

Matching in nixpkgs

pkgs.libc

GNU C Library

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.glibcInfo

GNU Info manual of the GNU C Library

Package maintainers