GNU
Products by GNU Sorted by Most Security Vulnerabilities since 2018
Known Exploited GNU Vulnerabilities
The following GNU vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. CVE-2014-6271 | January 28, 2022 |
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271. CVE-2014-7169 | January 28, 2022 |
By the Year
In 2023 there have been 15 vulnerabilities in GNU with an average score of 8.0 out of ten. Last year GNU had 45 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in GNU in 2023 could surpass last year's number. In addition, the average CVE base score of the vulnerabilities in 2023 is greater by 0.87.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 15 | 8.05 |
2022 | 45 | 7.17 |
2021 | 87 | 7.48 |
2020 | 54 | 7.11 |
2019 | 80 | 7.05 |
2018 | 76 | 6.64 |
It may take a day or so for new GNU vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent GNU Security Vulnerabilities
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name
CVE-2023-28617
9.8 - Critical
- March 19, 2023
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
Shell injection
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI
CVE-2023-27985
7.8 - High
- March 09, 2023
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification.
Shell injection
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.
CVE-2023-27986
7.8 - High
- March 09, 2023
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.
Code Injection
A heap-based buffer overflow vulnerability exists in GNU LibreDWG v0.12.5
CVE-2023-25222
8.8 - High
- March 01, 2023
A heap-based buffer overflow vulnerability exists in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.
Memory Corruption
GNU libmicrohttpd before 0.9.76
CVE-2023-27371
5.9 - Medium
- February 28, 2023
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.
Out-of-bounds Read
An issue was discovered in GNU Emacs through 28.2
CVE-2022-48339
7.8 - High
- February 20, 2023
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the file and srcdir parameters come from external input, and the parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.
Command Injection
GNU Emacs through 28.2
CVE-2022-48337
9.8 - Critical
- February 20, 2023
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.
Command Injection
An issue was discovered in GNU Emacs through 28.2
CVE-2022-48338
7.3 - High
- February 20, 2023
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.
Command Injection
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS
CVE-2023-0361
7.5 - High
- February 15, 2023
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
Side Channel Attack
In GNU Less before 609, crafted data
CVE-2022-46663
7.5 - High
- February 07, 2023
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.
** DISPUTED ** A vulnerability was found in GNU C Library 2.38
CVE-2023-0687
9.8 - Critical
- February 06, 2023
** DISPUTED ** A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.
Classic Buffer Overflow
sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size
CVE-2023-25139
9.8 - Critical
- February 03, 2023
sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.
Memory Corruption
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump
CVE-2022-48303
7.8 - High
- January 30, 2023
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
Out-of-bounds Read
An illegal memory access flaw was found in the binutils package
CVE-2022-4285
5.5 - Medium
- January 27, 2023
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
NULL Pointer Dereference
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform
CVE-2022-3715
7.8 - High
- January 05, 2023
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.
Memory Corruption
When rendering certain unicode sequences
CVE-2022-3775
7.1 - High
- December 19, 2022
When rendering certain unicode sequences, grub2's font code doesn't properly validate whether the supplied glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out.
Memory Corruption
A buffer overflow was found in grub_font_construct_glyph()
CVE-2022-2601
8.6 - High
- December 14, 2022
A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, so that a smaller than needed buffer is allocated for the glyph; this further leads to a buffer overflow and a heap-based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
Memory Corruption
LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow
CVE-2022-45332
7.8 - High
- November 30, 2022
LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.
Memory Corruption
GNU Emacs through 28.2
CVE-2022-45939
7.8 - High
- November 28, 2022
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
Shell injection
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check
CVE-2021-46848
9.1 - Critical
- October 24, 2022
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
Out-of-bounds Read
GNU oSIP v5.3.0 was discovered to contain an integer overflow
CVE-2022-41550
6.5 - Medium
- October 11, 2022
GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header.
Integer Overflow or Wraparound
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file
CVE-2022-25309
5.5 - Medium
- September 06, 2022
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.
Heap-based Buffer Overflow
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file
CVE-2022-25310
5.5 - Medium
- September 06, 2022
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.
Buffer Overflow
A stack-based buffer overflow flaw was found in the Fribidi package
CVE-2022-25308
7.8 - High
- September 06, 2022
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.
Stack Overflow
An issue was discovered in PSPP 1.6.2
CVE-2022-39831
7.8 - High
- September 05, 2022
An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230.
Memory Corruption
An issue was discovered in PSPP 1.6.2
CVE-2022-39832
7.8 - High
- September 05, 2022
An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Memory Corruption
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty
CVE-2021-3826
7.5 - High
- September 01, 2022
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
Buffer Overflow
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility
CVE-2022-1271
8.8 - High
- August 31, 2022
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied to an attacker-chosen file name (for example, a crafted file name), it can write attacker-controlled content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines, where the selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low-privileged attacker to force zgrep to write arbitrary files on the system.
Improper Input Validation
An issue was discovered in the GNU C Library (glibc) 2.36
CVE-2022-39046
5.3 - Medium
- August 31, 2022
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
Insertion of Sensitive Information into Log File
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference
CVE-2022-39028
7.5 - High
- August 30, 2022
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
NULL Pointer Dereference
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new
CVE-2022-38533
5.5 - Medium
- August 26, 2022
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.
Memory Corruption
A flaw was found in glibc
CVE-2021-3998
7.5 - High
- August 24, 2022
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
Out-of-bounds Read
A flaw was found in glibc
CVE-2021-3999
7.8 - High
- August 24, 2022
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
off-by-five
A NULL pointer dereference flaw was found in GnuTLS
CVE-2021-4209
6.5 - Medium
- August 24, 2022
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
NULL Pointer Dereference
LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free
CVE-2022-35164
9.8 - Critical
- August 18, 2022
LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain.
Dangling pointer
A vulnerability found in gnutls
CVE-2022-2509
7.5 - High
- August 01, 2022
A vulnerability was found in gnutls. This security flaw happens because a double free error occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function.
Double-free
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client
CVE-2022-2469
8.1 - High
- July 19, 2022
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client
Out-of-bounds Read
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area
CVE-2021-3695
4.5 - Medium
- July 06, 2022
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited, as an attacker needs to perform some triage over the heap layout to achieve significant results; also, the values written into memory are repeated three times in a row, making it difficult to produce valid payloads. This flaw affects grub2 versions prior to grub-2.12.
Memory Corruption
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader
CVE-2021-3696
4.5 - Medium
- July 06, 2022
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low, as it is very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.
Memory Corruption
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap
CVE-2021-3697
7 - High
- July 06, 2022
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in the heap. For a successful attack to be performed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.
Memory Corruption
There is an Assertion `int decode_preR13_entities(BITCODE_RL
CVE-2022-33024
7.5 - High
- June 23, 2022
There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608.
assertion failure
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free
CVE-2022-33025
7.8 - High
- June 23, 2022
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c.
Dangling pointer
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow
CVE-2022-33026
7.8 - High
- June 23, 2022
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
Memory Corruption
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free
CVE-2022-33027
7.8 - High
- June 23, 2022
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c.
Dangling pointer
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow
CVE-2022-33028
7.8 - High
- June 23, 2022
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c.
Memory Corruption
LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow
CVE-2022-33032
7.8 - High
- June 23, 2022
LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c.
Memory Corruption
LibreDWG v0.12.4.4608 was discovered to contain a double-free
CVE-2022-33033
7.8 - High
- June 23, 2022
LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c.
Double-free
LibreDWG v0.12.4.4608 was discovered to contain a stack overflow
CVE-2022-33034
7.8 - High
- June 23, 2022
LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c.
Memory Corruption
A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4
CVE-2021-42585
8.8 - High
- May 23, 2022
A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
Memory Corruption
A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4
CVE-2021-42586
8.8 - High
- May 23, 2022
A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
Memory Corruption
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
CVE-2022-29458
7.1 - High
- April 18, 2022
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Out-of-bounds Read
libiberty/rust-demangle.c in GNU GCC 11.2
CVE-2022-27943
5.5 - Medium
- March 26, 2022
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
Resource Exhaustion
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set
CVE-2021-3981
3.3 - Low
- March 10, 2022
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set, allowing non-privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream, but no version with the fix is currently released.
Incorrect Default Permissions
An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90
CVE-2021-46019
5.5 - Medium
- January 14, 2022
An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
NULL Pointer Dereference
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c
CVE-2021-46195
5.5 - Medium
- January 14, 2022
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.
Stack Exhaustion
A Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90
CVE-2021-46021
5.5 - Medium
- January 14, 2022
A Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
Dangling pointer
A Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90
CVE-2021-46022
5.5 - Medium
- January 14, 2022
A Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
Dangling pointer
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length
CVE-2022-23219
9.8 - Critical
- January 14, 2022
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Classic Buffer Overflow
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length
CVE-2022-23218
9.8 - Critical
- January 14, 2022
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Classic Buffer Overflow
LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called
CVE-2021-45950
6.5 - Medium
- January 01, 2022
LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object).
Memory Corruption
An Invalid Pointer vulnerability exists in GNU patch 2.7
CVE-2021-45261
5.5 - Medium
- December 22, 2021
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
Release of Invalid Pointer or Reference
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37
CVE-2021-45078
7.8 - High
- December 15, 2021
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
Memory Corruption
LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference
CVE-2021-28236
7.5 - High
- December 02, 2021
LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.
NULL Pointer Dereference
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow
CVE-2021-28237
9.8 - Critical
- December 02, 2021
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.
Memory Corruption
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using
CVE-2021-44227
8.8 - High
- December 02, 2021
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
Session Riding
GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability
CVE-2021-37322
7.8 - High
- November 18, 2021
GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.
Dangling pointer
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page
CVE-2021-43331
6.1 - Medium
- November 12, 2021
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
XSS
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password
CVE-2021-43332
6.5 - Medium
- November 12, 2021
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.
Insufficiently Protected Credentials
An issue was discovered in GNU Hurd before 0.9 20210404-9
CVE-2021-43411
7.5 - High
- November 07, 2021
An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access.
Race Condition
An issue was discovered in GNU Hurd before 0.9 20210404-9
CVE-2021-43412
7.8 - High
- November 07, 2021
An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.
Dangling pointer
An issue was discovered in GNU Hurd before 0.9 20210404-9
CVE-2021-43413
8.8 - High
- November 07, 2021
An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access.
An issue was discovered in GNU Hurd before 0.9 20210404-9
CVE-2021-43414
7 - High
- November 07, 2021
An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access.
AuthZ
** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data
CVE-2021-43396
7.5 - High
- November 04, 2021
** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug."
GNU Mailman before 2.1.35 may allow remote Privilege Escalation
CVE-2021-42096
4.3 - Medium
- October 21, 2021
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
Improper Restriction of Excessive Authentication Attempts
GNU Mailman before 2.1.35 may allow remote Privilege Escalation
CVE-2021-42097
8 - High
- October 21, 2021
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
Session Riding
An issue was discovered in libredwg through v0.10.1.3751
CVE-2021-39523
6.5 - Medium
- September 20, 2021
An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service.
NULL Pointer Dereference
An issue was discovered in libredwg through v0.10.1.3751
CVE-2021-39530
8.8 - High
- September 20, 2021
An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow.
Memory Corruption
An issue was discovered in ncurses through v6.2-1
CVE-2021-39537
8.8 - High
- September 20, 2021
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Memory Corruption
An issue was discovered in libredwg through v0.10.1.3751
CVE-2021-39527
8.8 - High
- September 20, 2021
An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow.
Memory Corruption
An issue was discovered in libredwg through v0.10.1.3751
CVE-2021-39525
8.8 - High
- September 20, 2021
An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow.
Memory Corruption
An issue was discovered in libredwg through v0.10.1.3751
CVE-2021-39521
6.5 - Medium
- September 20, 2021
An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service.
NULL Pointer Dereference
An issue was discovered in libredwg through v0.10.1.3751
CVE-2021-39522
8.8 - High
- September 20, 2021
An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow.
Memory Corruption
An issue was discovered in libredwg through v0.10.1.3751
CVE-2021-39528
8.8 - High
- September 20, 2021
An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free.
Double-free
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address
CVE-2021-40491
6.5 - Medium
- September 03, 2021
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.
Insufficient Verification of Data Authenticity
In librt in the GNU C Library (aka glibc) through 2.34
CVE-2021-38604
7.5 - High
- August 12, 2021
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
NULL Pointer Dereference
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow
CVE-2021-38185
7.8 - High
- August 08, 2021
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.
Integer Overflow or Wraparound
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted
CVE-2021-35942
9.1 - Critical
- July 22, 2021
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
Integer Overflow or Wraparound
objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called
CVE-2019-25051
7.8 - High
- July 20, 2021
objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).
Memory Corruption
GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called
CVE-2021-36080
8.8 - High
- July 01, 2021
GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object).
Double-free
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36
CVE-2021-3530
7.5 - High
- June 02, 2021
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.
Stack Exhaustion
A NULL-pointer dereference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS)
CVE-2020-18395
7.5 - High
- May 28, 2021
A NULL-pointer dereference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segmentation faults caused by crafted inputs.
NULL Pointer Dereference
An out of bounds flaw was found in GNU binutils objdump utility version 2.36
CVE-2021-3549
7.1 - High
- May 26, 2021
An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.
Memory Corruption
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free
CVE-2021-33574
9.8 - Critical
- May 25, 2021
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
Dangling pointer
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1
CVE-2020-23861
5.5 - Medium
- May 18, 2021
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.
Memory Corruption
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service
CVE-2020-23856
5.5 - Medium
- May 18, 2021
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.
Dangling pointer
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory
CVE-2020-21842
8.8 - High
- May 17, 2021
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051.
Memory Corruption
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_read_RC
CVE-2020-21843
8.8 - High
- May 17, 2021
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.
Memory Corruption
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles
CVE-2020-21831
8.8 - High
- May 17, 2021
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.
Memory Corruption
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap
CVE-2020-21844
8.8 - High
- May 17, 2021
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580.