GNU
Known Exploited GNU Vulnerabilities
The following GNU vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
GNU C Library Buffer Overflow Vulnerability | GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges. CVE-2023-4911 | November 21, 2023 |
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. CVE-2014-6271 | January 28, 2022 |
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271. CVE-2014-7169 | January 28, 2022 |
By the Year
In 2024 there have been 13 vulnerabilities in GNU with an average score of 6.6 out of ten. Last year GNU had 78 security vulnerabilities published. Right now, GNU is on track to have fewer security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.32.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 13 | 6.56 |
2023 | 78 | 6.89 |
2022 | 45 | 7.15 |
2021 | 87 | 7.47 |
2020 | 54 | 7.11 |
2019 | 80 | 7.05 |
2018 | 76 | 6.64 |
It may take a day or so for new GNU vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent GNU Security Vulnerabilities
CVE-2024-38428 | 9.1 - Critical | June 16, 2024
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
Interpretation Conflict
CVE-2024-5742 | 6.7 - Medium | June 12, 2024
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, it saves the file to an emergency file with the permissions of the running user, which provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
insecure temporary file
CVE-2024-1048 | 3.3 - Low | February 06, 2024
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.
Insufficient Cleanup
CVE-2024-0911 | 5.5 - Medium | February 06, 2024
A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.
Memory Corruption
CVE-2024-0684 | 5.5 - Medium | February 06, 2024
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
Memory Corruption
CVE-2023-7216 | 5.3 - Medium | February 05, 2024
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.
Directory traversal
CVE-2023-6779 | 7.5 - High | January 31, 2024
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.
Memory Corruption
CVE-2023-6780 | 5.3 - Medium | January 31, 2024
An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.
Incorrect Calculation of Buffer Size
CVE-2023-6246 | 7.8 - High | January 31, 2024
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.
Memory Corruption
CVE-2024-0567 | 7.5 - High | January 16, 2024
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
Improper Verification of Cryptographic Signature
CVE-2024-0553 | 7.5 - High | January 16, 2024
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
Side Channel Attack
CVE-2023-4001 | 6.8 - Medium | January 15, 2024
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.
Authentication Bypass by Spoofing
CVE-2023-26157 | 7.5 - High | January 02, 2024
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.
Out-of-bounds Read
CVE-2023-5981 | 5.9 - Medium | November 28, 2023
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
Side Channel Attack
CVE-2023-4949 | 6.7 - Medium | November 10, 2023
An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way as to exploit a memory corruption in grub's XFS file system implementation.
Memory Corruption
CVE-2023-4692 | 7.8 - High | October 25, 2023
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
Memory Corruption
CVE-2023-4693 | 4.6 - Medium | October 25, 2023
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
Out-of-bounds Read
CVE-2023-4911 | 7.8 - High | October 03, 2023
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Memory Corruption
CVE-2023-4156 | 7.1 - High | September 25, 2023
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.
Out-of-bounds Read
CVE-2023-5156 | 7.5 - High | September 25, 2023
A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
Memory Leak
CVE-2023-4806 | 5.9 - Medium | September 18, 2023
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when an NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4 addresses, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
Dangling pointer
CVE-2023-4527 | 6.5 - Medium | September 18, 2023
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the address data returned by the function, and may cause a crash.
Out-of-bounds Read
CVE-2023-25584 | 7.1 - High | September 14, 2023
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
Out-of-bounds Read
CVE-2023-25585 | 5.5 - Medium | September 14, 2023
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
Use of Uninitialized Resource
CVE-2023-25586 | 5.5 - Medium | September 14, 2023
A flaw was found in Binutils. A logic error in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
Use of Uninitialized Resource
CVE-2023-25588 | 5.5 - Medium | September 14, 2023
A flaw was found in Binutils. The field `the_bfd` of the `asymbol` struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
Use of Uninitialized Resource
CVE-2023-4039 | 4.8 - Medium | September 13, 2023
**DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
CVE-2023-4813 | 5.9 - Medium | September 12, 2023
A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.
Dangling pointer
CVE-2022-35205 | 5.5 - Medium | August 22, 2023
An issue was discovered in Binutils readelf 2.38.50: a reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.
assertion failure
CVE-2022-35206 | 5.5 - Medium | August 22, 2023
Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.
NULL Pointer Dereference
CVE-2020-35357 | 6.5 - Medium | August 22, 2023
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.
Classic Buffer Overflow
CVE-2022-44840 | 7.8 - High | August 22, 2023
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.
Memory Corruption
CVE-2022-45703 | 7.8 - High | August 22, 2023
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.
Memory Corruption
CVE-2022-47007 | 5.5 - Medium | August 22, 2023
An issue was discovered in function stab_demangle_v3_arg in stabs.c in Binutils 2.34 through 2.38 that allows attackers to cause a denial of service due to memory leaks.
Memory Leak
CVE-2022-47008 | 5.5 - Medium | August 22, 2023
An issue was discovered in functions make_tempdir and make_tempname in bucomm.c in Binutils 2.34 through 2.38 that allows attackers to cause a denial of service due to memory leaks.
Memory Leak
CVE-2022-47010 | 5.5 - Medium | August 22, 2023
An issue was discovered in function pr_function_type in prdbg.c in Binutils 2.34 through 2.38 that allows attackers to cause a denial of service due to memory leaks.
Memory Leak
CVE-2022-47011 | 5.5 - Medium | August 22, 2023
An issue was discovered in function parse_stab_struct_fields in stabs.c in Binutils 2.34 through 2.38 that allows attackers to cause a denial of service due to memory leaks.
Memory Leak
CVE-2022-47673 | 7.8 - High | August 22, 2023
An issue was discovered in Binutils addr2line before 2.39.3: function parse_module contains multiple out-of-bounds reads, which may cause a denial of service or other unspecified impacts.
Out-of-bounds Read
CVE-2022-47695 | 7.8 - High | August 22, 2023
An issue was discovered in Binutils objdump before 2.39.3 that allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.
CVE-2022-47696 | 7.8 - High | August 22, 2023
An issue was discovered in Binutils objdump before 2.39.3 that allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
CVE-2022-48063 | 5.5 - Medium | August 22, 2023
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a denial of service.
Resource Exhaustion
CVE-2022-48064 | 5.5 - Medium | August 22, 2023
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a denial of service.
Allocation of Resources Without Limits or Throttling
CVE-2022-48065 | 5.5 - Medium | August 22, 2023
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c.
Memory Leak
CVE-2020-35342 | 7.5 - High | August 22, 2023
GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to cause an information leak.
Improper Initialization
CVE-2021-46174 | 7.5 - High | August 22, 2023
Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.
Memory Corruption
CVE-2020-19188 | 6.5 - Medium | August 22, 2023
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
Memory Corruption
CVE-2020-19189 | 6.5 - Medium | August 22, 2023
Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
Memory Corruption
CVE-2020-19190 | 6.5 - Medium | August 22, 2023
Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
Memory Corruption
CVE-2020-19724 | 5.5 - Medium | August 22, 2023
A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.
Memory Leak
CVE-2020-19726 | 8.8 - High | August 22, 2023
An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data that allows attackers to read or write system memory or cause a denial of service.
CVE-2020-21490 | 5.5 - Medium | August 22, 2023
An issue was discovered in GNU Binutils 2.34. It is a memory leak when processing microblaze-dis.c, which consumes memory on each instruction disassembled.
Memory Leak
CVE-2020-19185 | 6.5 - Medium | August 22, 2023
Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
Memory Corruption
CVE-2020-19186 | 6.5 - Medium | August 22, 2023
Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
Memory Corruption
CVE-2020-19187 | 6.5 - Medium | August 22, 2023
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
Memory Corruption
CVE-2023-40305 | 5.5 - Medium | August 14, 2023
GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.
Memory Corruption
CVE-2023-40303 | 7.8 - High | August 14, 2023
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
Unchecked Return Value
CVE-2023-39128 | 5.5 - Medium | July 25, 2023
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.
Memory Corruption
CVE-2023-39129 | 5.5 - Medium | July 25, 2023
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.
Dangling pointer
CVE-2023-39130 | 5.5 - Medium | July 25, 2023
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.
Memory Corruption
CVE-2022-28733 | 8.1 - High | July 20, 2023
Integer underflow in grub_net_recv_ip4_packets: a maliciously crafted IP packet can lead to an integer underflow in the grub_net_recv_ip4_packets() function on the rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer, which will then be used in memory allocation. If the attack succeeds in this way, subsequent operations can write past the end of the buffer.
Integer underflow
CVE-2022-28734 | 7 - High | July 20, 2023
Out-of-bounds write when handling split HTTP headers: when handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer pointer by one position. This can lead to an out-of-bounds write later when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker-controlled set of packets can lead to corruption of GRUB2's internal memory metadata.
Memory Corruption
CVE-2022-28735 | 7.8 - High | July 20, 2023
GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, breaking the secure boot trust chain.
CVE-2022-28736 | 7.8 - High | July 20, 2023
There's a use-after-free vulnerability in the grub_cmd_chainloader() function. The chainloader command is used to boot operating systems that don't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once, a use-after-free vulnerability is triggered. If an attacker can control GRUB2's memory allocation pattern, sensitive data may be exposed and arbitrary code execution can be achieved.
Dangling pointer
CVE-2021-32256 | 6.5 - Medium | July 18, 2023
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.
Memory Corruption
CVE-2015-20109 | 5.5 - Medium | June 25, 2023
end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.
Classic Buffer Overflow
CVE-2023-36271 | 8.8 - High | June 23, 2023
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.
Memory Corruption
CVE-2023-36272 | 8.8 - High | June 23, 2023
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.
Memory Corruption
CVE-2023-36273 | 8.8 - High | June 23, 2023
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
Memory Corruption
CVE-2023-36274 | 8.8 - High | June 23, 2023
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.
Memory Corruption
CVE-2023-2789 | 7.5 - High | May 18, 2023
A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Improper Resource Shutdown or Release
CVE-2023-1972 | 6.5 - Medium | May 17, 2023
A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
Memory Corruption
CVE-2023-2491 | 7.8 - High | May 17, 2023
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
Command Injection
CVE-2021-34337 | 6.3 - Medium | April 15, 2023
An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.
CVE-2023-29491 | 7.8 - High | April 14, 2023
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Memory Corruption
CVE-2023-24626 | 6.5 - Medium | April 08, 2023
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
CVE-2023-1579 | 7.8 - High | April 03, 2023
Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.
Memory Corruption
CVE-2023-28617 | 7.8 - High | March 19, 2023
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
Shell injection
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI
CVE-2023-27985
7.8 - High
- March 09, 2023
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90.
Shell injection
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters
CVE-2023-27986
7.8 - High
- March 09, 2023
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
Code Injection
A heap-based buffer overflow vulnerability exists in GNU LibreDWG v0.12.5
CVE-2023-25222
8.8 - High
- March 01, 2023
A heap-based buffer overflow vulnerability exists in GNU LibreDWG v0.12.5 via the bit_read_RC function in bits.c.
Memory Corruption
GNU libmicrohttpd before 0.9.76
CVE-2023-27371
5.9 - Medium
- February 28, 2023
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.
Out-of-bounds Read
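The libmicrohttpd entry is a reminder that a multipart boundary is a byte string with a length, not a C string: once a NUL inside it reaches strlen()/strstr(), the code's idea of the boundary length and the data's real length diverge, and reads run past the end. The following is an added example, not libmicrohttpd's code, contrasting the string-function shape with a length-delimited one and adding the RFC 2046 syntax check that rejects such a boundary up front. The body and boundary values are constructed test data.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 2046 boundary syntax, enforced before the value is used anywhere:
 * 1..70 bytes from a fixed alphabet, not ending in a space. The check is
 * length-delimited, so a NUL inside `len` is simply an illegal byte and
 * the request is rejected instead of being silently shortened later. */
int boundary_is_valid(const char *b, size_t len)
{
    static const char extra[] = "'()+_,-./:=? ";
    size_t i;
    if (len == 0 || len > 70 || b[len - 1] == ' ')
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)b[i];
        if (c == '\0' || (!isalnum(c) && strchr(extra, c) == NULL))
            return 0;
    }
    return 1;
}

/* The unsafe shape: build "--<boundary>" with a string function and
 * search with strstr(). Both stop at the first NUL, so a boundary of
 * "ab\0cd" quietly becomes "--ab" and matches where it should not,
 * while the caller still believes the boundary is 5 bytes long. Kept
 * only to contrast with the length-aware version below. */
long find_boundary_str(const char *body, const char *bnd)
{
    char delim[80];
    const char *p;
    snprintf(delim, sizeof delim, "--%s", bnd);
    p = strstr(body, delim);
    return p ? (long)(p - body) : -1;
}

/* Length-delimited search for "--<boundary>" in a body that may itself
 * contain NUL bytes. Every access is bounded by the lengths supplied;
 * nothing here calls strlen() on request data. Returns the offset of
 * the delimiter, or -1 if it is not present. */
long find_boundary_len(const char *body, size_t bodylen,
                       const char *bnd, size_t bndlen)
{
    size_t i;
    if (bndlen == 0 || bodylen < bndlen + 2)
        return -1;
    for (i = 0; i + bndlen + 2 <= bodylen; i++) {
        if (body[i] == '-' && body[i + 1] == '-' &&
            memcmp(body + i + 2, bnd, bndlen) == 0)
            return (long)i;
    }
    return -1;
}
```

With the constructed boundary "ab\0cd" and a body of "xx--abyy", the strstr() version reports a match at offset 2 that does not exist, while the length-aware version correctly reports none; validating the boundary first means neither search ever runs on such input.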
GNU Emacs through 28.2
CVE-2022-48337
9.8 - Critical
- February 20, 2023
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.
Shell injection
An issue was discovered in GNU Emacs through 28.2
CVE-2022-48338
7.3 - High
- February 20, 2023
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.
Command Injection
An issue was discovered in GNU Emacs through 28.2
CVE-2022-48339
7.8 - High
- February 20, 2023
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.
Output Sanitization
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS
CVE-2023-0361
7.4 - High
- February 15, 2023
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
Side Channel Attack
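Both the Mailman REST password check above and the GnuTLS RSA ClientKeyExchange handling are timing side channels of the same family: code that does a different amount of work depending on secret data. The following is an added example, not Mailman's or GnuTLS's code, showing an early-exit comparison next to a constant-time one, and a constant-time PKCS#1 v1.5 unpadding that swaps in a prepared random secret on failure without branching. The RSA operation itself is omitted and the 64-byte block layout is this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Early-exit comparison: stops at the first mismatch, so the number of
 * bytes touched (`*steps`), and therefore the time taken, reveals how
 * long the correct prefix of the guess is. One byte of a password or
 * token can then be recovered at a time. */
int leaky_eq(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *steps = i + 1;
            return 0;
        }
    }
    *steps = n;
    return 1;
}

/* 0xFF if x == 0, else 0x00, without a branch. */
static uint8_t ct_is_zero_mask(uint8_t x)
{
    return (uint8_t)(((unsigned)x - 1u) >> 8);
}

/* Constant-time equality: visits every byte and ORs the differences, so
 * the work done never depends on where (or whether) the inputs differ. */
int ct_eq(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    uint8_t acc = 0;
    size_t i;
    for (i = 0; i < n; i++)
        acc |= (uint8_t)(a[i] ^ b[i]);
    *steps = n;
    return ct_is_zero_mask(acc) & 1;
}

/* Branch-free select: out = cond ? a : b, byte by byte. */
void ct_select(uint8_t *out, const uint8_t *a, const uint8_t *b,
               size_t n, unsigned cond)
{
    uint8_t mask = (uint8_t)(0u - (cond & 1u));    /* 0xFF or 0x00 */
    size_t i;
    for (i = 0; i < n; i++)
        out[i] = (uint8_t)((a[i] & mask) | (b[i] & (uint8_t)~mask));
}

/* Toy PKCS#1 v1.5 unpadding of a decrypted ClientKeyExchange block:
 * em = 00 02 <nonzero pad> 00 <48-byte premaster secret>. Valid or not,
 * every byte is scanned and 48 bytes are copied into `secret`; on a bad
 * block they come from `fallback`, a random secret the caller prepared
 * before decrypting, so the handshake proceeds identically either way
 * and a Bleichenbacher oracle has nothing to observe. The return value
 * is for local accounting only and must not alter wire behaviour. */
int unpad_pkcs1_ct(const uint8_t *em, size_t emlen,
                   const uint8_t *fallback, uint8_t secret[48])
{
    size_t i, sep;
    uint8_t bad = 0;
    unsigned ok;
    if (emlen < 48 + 11) {              /* length is public: may branch */
        memcpy(secret, fallback, 48);
        return 0;
    }
    sep = emlen - 49;                   /* position of the 0x00 separator */
    bad |= (uint8_t)(em[0] ^ 0x00);
    bad |= (uint8_t)(em[1] ^ 0x02);
    for (i = 2; i < sep; i++)
        bad |= ct_is_zero_mask(em[i]);  /* pad bytes must be nonzero */
    bad |= em[sep];
    ok = ct_is_zero_mask(bad) & 1;
    ct_select(secret, em + emlen - 48, fallback, 48, ok);
    return (int)ok;
}

/* Build a well-formed 64-byte toy block whose secret is 48 copies of
 * `secret_byte`. Constructed test data only. */
void build_toy_em(uint8_t em[64], uint8_t secret_byte)
{
    memset(em, 0x41, 64);           /* nonzero padding everywhere */
    em[0] = 0x00;
    em[1] = 0x02;
    em[15] = 0x00;                  /* separator at 64 - 49 */
    memset(em + 16, secret_byte, 48);
}
```

For the REST password case, ct_eq is the whole fix (libraries usually expose it as a memcmp-style call; never compare secrets with strcmp). For the TLS case the point is that failure must look like success from the outside: same scan, same copy, same subsequent handshake steps, with only the secret's origin differing.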
In GNU Less before 609, crafted data
CVE-2022-46663
7.5 - High
- February 07, 2023
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.
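The point of `less -R` is to let colour sequences through while keeping everything else a terminal would act on (cursor movement, screen clearing, title changes, OSC payloads) out of the output. The following is an added example, not less's own filter, of the whitelist approach that makes that property hold: only well-formed SGR sequences with digit-and-semicolon parameters pass, every other escape sequence is skipped by its own grammar, and stray control bytes are dropped. The 32-byte SGR bound and the assumption of a UTF-8 terminal (bytes 0x80 and above are treated as text) are this example's choices.

```c
#include <stddef.h>
#include <string.h>

#define ESC 0x1b
#define BEL 0x07

/* Returns 1 if in[i..] starts a well-formed SGR sequence, i.e.
 * ESC '[' <digits and ';' only> 'm', and stores its length in *len.
 * Any other byte inside the parameters disqualifies the sequence. */
static int parse_sgr(const unsigned char *in, size_t n, size_t i, size_t *len)
{
    size_t j = i + 2;
    if (i + 1 >= n || in[i] != ESC || in[i + 1] != '[')
        return 0;
    while (j < n && j - i < 32 &&
           ((in[j] >= '0' && in[j] <= '9') || in[j] == ';'))
        j++;
    if (j < n && in[j] == 'm') {
        *len = j - i + 1;
        return 1;
    }
    return 0;
}

/* Length of an escape sequence to discard, with in[i] == ESC:
 *   CSI: ESC '[' parameter/intermediate bytes (0x20-0x3F) final (0x40-0x7E)
 *   OSC: ESC ']' ... BEL, or ESC '\'
 *   anything else: ESC plus one byte.
 * An unterminated CSI only consumes what was recognised, so a later
 * ESC starts fresh; an unterminated OSC swallows the rest of the input. */
static size_t skip_escape(const unsigned char *in, size_t n, size_t i)
{
    size_t j = i + 1;
    if (j >= n)
        return n - i;
    if (in[j] == '[') {
        j++;
        while (j < n && in[j] >= 0x20 && in[j] <= 0x3F)
            j++;
        if (j < n && in[j] >= 0x40 && in[j] <= 0x7E)
            j++;
        return j - i;
    }
    if (in[j] == ']') {
        j++;
        while (j < n) {
            if (in[j] == BEL)
                return j - i + 1;
            if (in[j] == ESC && j + 1 < n && in[j + 1] == '\\')
                return j - i + 2;
            j++;
        }
        return n - i;
    }
    return 2;
}

/* Whitelist filter in the spirit of `less -R`: pass printable bytes,
 * \t \n \r and SGR colour sequences; drop every other control byte and
 * escape sequence. Returns the number of bytes written to `out`. */
size_t filter_ansi(const char *input, size_t n, char *out, size_t outcap)
{
    const unsigned char *in = (const unsigned char *)input;
    size_t i = 0, o = 0;
    while (i < n && o < outcap) {
        unsigned char c = in[i];
        size_t len;
        if (c == ESC) {
            if (parse_sgr(in, n, i, &len)) {
                if (o + len > outcap)
                    break;
                memcpy(out + o, in + i, len);
                o += len;
                i += len;
            } else {
                i += skip_escape(in, n, i);
            }
        } else if (c == '\n' || c == '\t' || c == '\r' ||
                   (c >= 0x20 && c != 0x7f)) {
            out[o++] = (char)c;
            i++;
        } else {
            i++;                        /* other C0 control byte: drop */
        }
    }
    return o;
}
```

The design choice that matters is the direction of the decision: a blacklist of known-bad sequences is what crafted input gets around, whereas a grammar for the one thing allowed through cannot be widened by data it does not match.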
A vulnerability was found in GNU C Library 2.38
CVE-2023-0687
9.8 - Critical
- February 06, 2023
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.
Classic Buffer Overflow
sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size
CVE-2023-25139
9.8 - Critical
- February 03, 2023
sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.
Memory Corruption
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump
CVE-2022-48303
5.5 - Medium
- January 30, 2023
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
Out-of-bounds Read
An illegal memory access flaw was found in the binutils package
CVE-2022-4285
5.5 - Medium
- January 27, 2023
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform
CVE-2022-3715
7.8 - High
- January 05, 2023
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.
Memory Corruption
When rendering certain unicode sequences
CVE-2022-3775
7.1 - High
- December 19, 2022
When rendering certain Unicode sequences, grub2's font code does not properly validate that the glyph's width and height fit within the bitmap size. As a consequence, an attacker can craft an input that leads to an out-of-bounds write into grub2's heap, causing memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out.
Memory Corruption
A buffer overflow was found in grub_font_construct_glyph()
CVE-2022-2601
8.6 - High
- December 14, 2022
A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can cause an overflow when calculating the max_glyph_size value, so a smaller-than-needed buffer is allocated for the glyph; this leads to a heap-based out-of-bounds write. An attacker may use this vulnerability to circumvent the Secure Boot mechanism.
Heap-based Buffer Overflow
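Both grub2 entries come down to a glyph size computed from file-controlled width and height without checking that the arithmetic holds and that the data actually fits in the font. The following is an added example, not grub's code, of how a glyph loader validates dimensions and offsets before allocating anything: multiplication is overflow-checked, the result is bounded, and the bitmap offset is checked against the blob length. The record layout (big-endian u16 width, u16 height, u32 bitmap offset) and the 1024-pixel sanity limit are this example's own, not pf2's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_GLYPH_DIM 1024u          /* assumed sanity limit, not grub's */

struct glyph {
    uint32_t width, height;
    size_t bitmap_len;
    uint8_t *bitmap;
};

/* Bytes needed for a 1-bpp bitmap of width*height pixels, rounded up.
 * Refuses zero or oversized dimensions and any arithmetic that would
 * wrap: a wrapped size is exactly how a "smaller than needed" buffer
 * gets allocated. Returns 1 and sets *out on success, 0 otherwise. */
int glyph_bitmap_size(size_t width, size_t height, size_t *out)
{
    size_t bits;
    if (width == 0 || height == 0)
        return 0;
    if (width > MAX_GLYPH_DIM || height > MAX_GLYPH_DIM)
        return 0;
    if (__builtin_mul_overflow(width, height, &bits))
        return 0;
    if (bits > SIZE_MAX - 7)
        return 0;
    *out = (bits + 7) / 8;
    return 1;
}

static uint32_t be16(const uint8_t *p)
{
    return (uint32_t)p[0] << 8 | p[1];
}

static uint32_t be32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
           (uint32_t)p[2] << 8 | p[3];
}

/* Parse and validate one glyph record from a font blob, then copy its
 * bitmap into a buffer sized from the *validated* dimensions. Record
 * layout is this example's own: u16 width, u16 height, u32 bitmap
 * offset (big-endian), with the bitmap elsewhere in the same blob.
 * Every offset is checked against bloblen before it is dereferenced. */
int load_glyph(const uint8_t *blob, size_t bloblen, size_t hdr_off,
               struct glyph *g)
{
    size_t need;
    uint32_t w, h, off;
    if (hdr_off > bloblen || bloblen - hdr_off < 8)
        return 0;
    w = be16(blob + hdr_off);
    h = be16(blob + hdr_off + 2);
    off = be32(blob + hdr_off + 4);
    if (!glyph_bitmap_size(w, h, &need))
        return 0;
    if (off > bloblen || bloblen - off < need)   /* bitmap must lie inside the blob */
        return 0;
    g->bitmap = malloc(need);
    if (g->bitmap == NULL)
        return 0;
    memcpy(g->bitmap, blob + off, need);
    g->width = w;
    g->height = h;
    g->bitmap_len = need;
    return 1;
}
```

The order of checks is deliberate: dimensions first (cheap, no memory touched), then the offset against the container, and only then an allocation whose size is the same number used for the copy. Any path where the allocation size and the copy length are computed separately is where the grub bugs lived.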
LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow
CVE-2022-45332
7.8 - High
- November 30, 2022
LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.
Memory Corruption
GNU Emacs through 28.2
CVE-2022-45939
7.8 - High
- November 28, 2022
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
Shell injection
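Seven of the Emacs entries above (etags, ctags, ob-latex, ruby-mode, htmlfontify and the two emacsclient-mail.desktop issues) are the same bug: a file name, directory name or URI is spliced into a command line that a shell then parses. The following is an added example, not Emacs's code, that runs a constructed hostile file name both ways: through the shell, where the `;` splits it into two commands, and through execvp() with the name as a single argv element, where it stays a name. `echo` stands in for etags, ctags or gem here; the capture helpers are this example's own.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* The vulnerable shape: the file name is spliced into a command line that
 * /bin/sh will parse, so ';', '`', '$(...)', '|' and friends inside the
 * name become shell syntax. Returns 1 if the line fit in `out`. */
int build_shell_cmd(const char *tool, const char *filename,
                    char *out, size_t cap)
{
    int n = snprintf(out, cap, "%s %s", tool, filename);
    return n >= 0 && (size_t)n < cap;
}

/* Run a command line the way system()/popen() do (through the shell)
 * and capture its stdout into `out`. Returns the number of bytes read. */
size_t run_via_shell(const char *cmdline, char *out, size_t cap)
{
    FILE *p = popen(cmdline, "r");
    size_t n;
    if (p == NULL)
        return 0;
    n = fread(out, 1, cap - 1, p);
    out[n] = '\0';
    pclose(p);
    return n;
}

/* The fix: hand the tool an argv where the file name is one element and
 * exec it directly. No shell ever sees the name, so metacharacters are
 * just characters. stdout is captured through a pipe for comparison. */
size_t run_via_execvp(char *const argv[], char *out, size_t cap)
{
    int fd[2];
    pid_t pid;
    size_t n = 0;
    ssize_t r;
    if (pipe(fd) != 0)
        return 0;
    pid = fork();
    if (pid < 0) {
        close(fd[0]);
        close(fd[1]);
        return 0;
    }
    if (pid == 0) {                      /* child */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]);
        close(fd[1]);
        execvp(argv[0], argv);
        _exit(127);                      /* exec failed */
    }
    close(fd[1]);
    while (n < cap - 1 && (r = read(fd[0], out + n, cap - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return n;
}
```

Quoting or escaping the name for the shell is the tempting alternative and is what the emacsclient-mail.desktop fixes had to get right for double quotes; it is fragile because the escaping rules differ between shells and between `sh -c`, desktop-entry Exec lines and Emacs Lisp strings. Avoiding the shell removes the whole class: when the command genuinely needs shell features, pass the untrusted value as a positional parameter (`sh -c 'tool "$1"' sh "$name"`) rather than interpolating it.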
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check
CVE-2021-46848
9.1 - Critical
- October 24, 2022
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
Off-by-one Error
GNU oSIP v5.3.0 was discovered to contain an integer overflow
CVE-2022-41550
6.5 - Medium
- October 11, 2022
GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header.
Integer Overflow or Wraparound
A stack-based buffer overflow flaw was found in the Fribidi package
CVE-2022-25308
7.8 - High
- September 06, 2022
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.
Stack-based Buffer Overflow
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file
CVE-2022-25310
5.5 - Medium
- September 06, 2022
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.
NULL Pointer Dereference
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file
CVE-2022-25309
5.5 - Medium
- September 06, 2022
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.
Heap-based Buffer Overflow