Gnu: Security Vulnerabilities
A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().
CVSS Score
7.0
EPSS Score
0.001
Published
2019-06-18
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
CVSS Score
8.1
EPSS Score
0.002
Published
2019-05-22
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.018
Published
2019-05-17
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-05-01
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-05-01
An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-05-01
An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-05-01
The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-04-10
The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-04-10
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
CVSS Score
5.9
EPSS Score
0.004
Published
2019-04-01