Uclibc-Ng Project: >> Uclibc-Ng >> 1.0.40 Security Vulnerabilities
A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.
CVSS Score
8.1
EPSS Score
0.002
Published
2022-09-29
uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2.
CVSS Score
6.5
EPSS Score
0.068
Published
2022-05-06