本ページは gnu glibc に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-6238 | The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been depre | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 6.5 | 0.04% | 2026-04-28 | 2026-05-04 |
| CVE-2026-5435 | The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 7.3 | 0.04% | 2026-04-28 | 2026-05-05 |
| CVE-2026-5928 | Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash. A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc( | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 7.5 | 0.05% | 2026-04-20 | 2026-04-23 |
| CVE-2026-5450 | Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 9.8 | 0.05% | 2026-04-20 | 2026-04-23 |
| CVE-2026-4046 | The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 7.5 | 0.07% | 2026-03-30 | 2026-04-20 |
| CVE-2026-4438 | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 5.4 | 0.06% | 2026-03-20 | 2026-04-07 |
| CVE-2026-4437 | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 7.5 | 0.05% | 2026-03-20 | 2026-04-07 |
| CVE-2026-3904 | Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread, potentially resulting in spurious cache misses, which in itself is not a security issue | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 6.2 | 0.01% | 2026-03-11 | 2026-04-09 |
| CVE-2025-15281 | Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 7.5 | 0.05% | 2026-01-20 | 2026-02-05 |
| CVE-2026-0915 | Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 7.5 | 0.02% | 2026-01-15 | 2026-01-23 |
| CVE-2026-0861 | Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 8.4 | 0.01% | 2026-01-14 | 2026-02-03 |
| CVE-2025-5745 | The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 5.6 | 0.26% | 2025-06-05 | 2025-10-22 |
| CVE-2025-5702 | The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 5.6 | 0.29% | 2025-06-05 | 2025-10-01 |
| CVE-2025-4802 | Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 7.8 | 0.04% | 2025-05-16 | 2025-11-03 |
| CVE-2024-33602 | nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 7.4 | 0.75% | 2024-05-06 | 2026-05-12 |
| CVE-2024-33601 | nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 7.3 | 0.32% | 2024-05-06 | 2026-05-12 |
| CVE-2024-33600 | nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 5.9 | 0.69% | 2024-05-06 | 2026-05-12 |
| CVE-2024-33599 | nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 8.1 | 1.55% | 2024-05-06 | 2026-05-12 |
| CVE-2024-2961 | The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | 7.3 | 91.92% | 2024-04-17 | 2026-05-12 |
| CVE-2023-6780 | An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer. | [email protected] | 5.3 | 0.22% | 2024-01-31 | 2026-05-12 |