glibc

A newly assigned high‑severity vulnerability, tracked as CVE‑2026‑0861, exposes an integer overflow in the GNU C Library’s memalign family of allocation routines that can result in heap corruption with potentially serious consequences for availability, integrity and — under constrained...

A deep, exploitable buffer overflow in the GNU C Library’s dynamic loader — triggered by specially crafted GLIBC_TUNABLES environment values — lets local attackers escalate to root on many mainstream Linux distributions unless systems are patched or mitigated. Background / Overview The GNU C...

A subtle change to glibc’s DNS stub resolver has had consequences that administrators and application developers should treat as more than an academic footnote: CVE-2023-4527 is a stack read overflow in getaddrinfo that can be triggered when the resolver is run in no-aaaa mode and a DNS response...

The glibc library’s getaddrinfo implementation suffered a subtle — but operationally important — regression in late 2023 that introduced a memory leak capable of producing denial‑of‑service conditions in networked services: CVE‑2023‑5156 is a memory‑leak bug in getaddrinfo.c, introduced as a...

A subtle but consequential bug in the GNU C Library’s name-resolution path — tracked as CVE-2023-4806 — exposed a rare use‑after‑free in getaddrinfo() that can crash networked applications and, in realistic scenarios, be abused for denial of service. The issue is notable not because it’s easy to...

A straightforward null-pointer bug in the GNU C Library’s Name Service Cache Daemon — tracked as CVE-2024-33600 — can cause nscd to crash when a “not found” netgroup response fails to be saved to the cache, creating a reliable denial-of-service condition for any system that relies on nscd for...