GNU
Known Exploited GNU Vulnerabilities
The following GNU vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| GNU Bash OS Command Injection Vulnerability | GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment. CVE-2014-6278. Exploit Probability: 90.5% | October 2, 2025 |
| GNU C Library Buffer Overflow Vulnerability | GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges. CVE-2023-4911. Exploit Probability: 69.8% | November 21, 2023 |
| GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. CVE-2014-6271. Exploit Probability: 94.2% | January 28, 2022 |
| GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271. CVE-2014-7169. Exploit Probability: 89.6% | January 28, 2022 |
Of the known exploited vulnerabilities above, 3 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. The vulnerability CVE-2023-4911: GNU C Library Buffer Overflow Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2026 there have been 0 vulnerabilities in GNU. Last year, in 2025, GNU had 90 security vulnerabilities published. Right now, GNU is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 90 | 5.51 |
| 2024 | 33 | 6.68 |
| 2023 | 78 | 6.88 |
| 2022 | 51 | 7.18 |
| 2021 | 87 | 7.47 |
| 2020 | 54 | 7.11 |
| 2019 | 80 | 7.06 |
| 2018 | 77 | 6.62 |
It may take a day or so for new GNU vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent GNU Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2025-54770 | Nov 18, 2025 | **GRUB2 UAF in network module => DoS** A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability | |
| CVE-2025-61664 | Nov 18, 2025 | **GRUB2 Normal Module UAF Can Crash or Leak Data** A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity. | |
| CVE-2025-61663 | Nov 18, 2025 | **GRUB2: UAF in normal command leads to DoS** A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. Impact on the data integrity and confidentiality is also not discarded. | |
| CVE-2025-61662 | Nov 18, 2025 | **UAF in GRUB gettext module leads to denial of service** A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded. | |
| CVE-2025-61661 | Nov 18, 2025 | **CVE-2025-61661: GRUB USB String Conv DoS** A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited. | |
| CVE-2025-54771 | Nov 18, 2025 | **Use-After-Free in GNU GRUB Causes DoS via Invalid File Pointer** A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded. | |
| CVE-2025-58183 | Oct 29, 2025 | **GNU tar 1.0: tar.Reader Sparse Region DoS via Unbounded Allocation** tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations. | |
| CVE-2025-11840 | Oct 16, 2025 | **GNU Binutils 2.45 OOB Read via vfinfo (ldmisc.c)** A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue. | |
| CVE-2025-11839 | Oct 16, 2025 | **Local Exploit: Unchecked Return in Binutils 2.45 tg_tag_type** A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. | |
| CVE-2025-11495 | Oct 08, 2025 | **Heap BOF in GNU Binutils 2.45 Linker elf_x86_64_relocate_section** A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch. | |
| CVE-2025-11494 | Oct 08, 2025 | **CVE-2025-11494: GNU Binutils 2.45 OOB Read in Linker elfxx-x86** A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue. | |
| CVE-2025-11414 | Oct 07, 2025 | **GNU Binutils 2.45 OOB Read in get_link_hash_entry (Linker)** A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component. | |
| CVE-2025-11413 | Oct 07, 2025 | **GNU Binutils 2.45 OOB Read in Linker (elf_link_add_object_symbols)** A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised. | |
| CVE-2025-11412 | Oct 07, 2025 | **GNU Binutils 2.45 Linker OOB read in bfd_elf_gc_record_vtentry** A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch. | |
| CVE-2025-11083 | Sep 27, 2025 | **GNU Binutils 2.45 Heap Buffer Overflow in elf_swap_shdr (Linker)** A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46". | |
| CVE-2025-11082 | Sep 27, 2025 | **GNU Binutils 2.45 Heap-based BO in _bfd_elf_parse_eh_frame (Linker)** A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46". | |
| CVE-2025-11081 | Sep 27, 2025 | **Binutils 2.45 OOB read in dump_dwarf_section local access** A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue. | |
| CVE-2025-59378 | Sep 15, 2025 | **Setuid Privilege Escalation in guix-daemon (GNU Guix)** In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended). | |
| CVE-2025-8735 | Aug 08, 2025 | **Null Pointer Deref in GNU cflow <1.8 via Lexer yylex** A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-8736 | Aug 08, 2025 | **GNU cflow <=1.8 Buffer Overflow in Lexer (Local Buffer Overrun)** A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-8734 | Aug 08, 2025 | **GNU Bison 3.8.2 Double Free in code_free (Local)** | |
| CVE-2025-8733 | Aug 08, 2025 | **Reachable Assertion in GNU Bison <=3.8.2 __obstack_vprintf_internal (local host)** | |
| CVE-2025-8225 | Jul 27, 2025 | **GNU Binutils 2.44 Mem Leak in DWARF Section Handler** A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue. | |
| CVE-2025-8224 | Jul 27, 2025 | **Local NPE in BFD Library (Binutils 2.44) via elf.c** A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue. | |
| CVE-2025-8058 | Jul 23, 2025 | **glibc Double Free in regcomp v2.4-2.41** The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library. | |
| CVE-2025-7546 | Jul 13, 2025 | **GNU Binutils 2.45: Out-of-Bounds Write in bfd_elf_set_group_contents (Local)** A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue. | |
| CVE-2025-7545 | Jul 13, 2025 | **Heap Buffer Overflow in GNU binutils 2.45 objcopy copy_section** A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue. | |
| CVE-2025-24294 | Jul 12, 2025 | **DoS via Unbounded DNS Name Decompression in resolv Lib** The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition. | |
| CVE-2025-45582 | Jul 11, 2025 | **GNU Tar <1.35 Directory Traversal + File Overwrite via Double Extraction** GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory. | |
| CVE-2025-32990 | Jul 10, 2025 | **GnuTLS certtool Heap OOB Null Write in Template Parsing – DoS** A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. | |
| CVE-2025-32989 | Jul 10, 2025 | **GnuTLS CT SCT Heap-Buffer-Overread (CVE-2025-32989)** A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly. | |
| CVE-2025-6141 | Jun 16, 2025 | **Stack Buffer Overflow in GNU ncurses 6.5-20250322 tinfo/parse_entry.c** A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component. | |
| CVE-2025-5898 | Jun 09, 2025 | **Critical OOBW in GNU PSPP parse_variables_option (pspp-convert.c)** A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-5899 | Jun 09, 2025 | **Critical Local Free-Not-Heap in GNU PSPP parse_variables_option** A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-5745 | Jun 05, 2025 | **Glibc 2.40+ strncmp Vector Reg Overwrite (Power10)** The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program. | |
| CVE-2025-5702 | Jun 05, 2025 | **Unchecked VReg Write in glibc strcmp (Power10) 2.39+** The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program. | |
| CVE-2025-5245 | May 27, 2025 | **GNU Binutils 2.44-Objdump Debug_type_samep Mem Corruption (Local)** A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | |
| CVE-2025-5244 | May 27, 2025 | **GNU Binutils 2.44 LD elf_gc_sweep Memory Corruption (CVE-2025-5244)** A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component. | |
| CVE-2025-46802 | May 26, 2025 | **screen session PTY set to 666 allows local takeover** For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session. | |
| CVE-2025-23395 | May 26, 2025 | **CVE-2025-23395: Screen 5.0.0 setuid-root PrivEsc via Unprivileged File Creation** Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with `root` ownership, the invoking user's (real) group ownership and file mode 0644. All data written to the Screen PTY will be logged into this file, allowing to escalate to root privileges | |
| CVE-2025-46803 | May 26, 2025 | **Screen PTYs Mode Change (0622) Allows Write to All PTYs** The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system. | |
| CVE-2025-46805 | May 26, 2025 | **Screen <5.0.0 TOCTOU race allows SIGHUP/SIGCONT to privileged processes** Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root. | |
| CVE-2025-46804 | May 26, 2025 | **Info Leak in GNU Screen 5.0.0 via setuid-root** A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0. | |
| CVE-2025-5001 | May 20, 2025 | **GNU PSPP calloc Int Overflow via -l - Public Exploit** A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to integer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-48188 | May 16, 2025 | **Heap Buffer Over-Read in libpspp-core.a of GNU PSPP <=2.0.1** libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read. | |
| CVE-2025-4802 | May 16, 2025 | **glibc LD_LIBRARY_PATH Flaw Pre-2.39 - arbitrary dlopen via setuid binaries** Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). | |
| CVE-2025-47816 | May 10, 2025 | **GNU PSPP <2.0.1 OOB Read in spvxml_parse_attributes** libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document. | |
| CVE-2025-47814 | May 10, 2025 | **Heap Buffer Overflow in libpspp-core.a of GNU PSPP < 2.0.1** libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c. | |
| CVE-2025-47815 | May 10, 2025 | **Heap overflow in libpspp-core.a (GNU PSPP 2.0.1 or earlier, inflate_read)** libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c. | |
| CVE-2025-4382 | May 09, 2025 | **LUKS TPM Auto-Decrypt Flaw in GRUB Enables Physical Access Key Exposure** A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may allow an attacker with physical access to access the unencrypted data without any further authentication, thereby compromising data confidentiality. Furthermore, the ability to force this state through filesystem corruption also presents a data integrity concern. | |