VDB

GCVE-110-MAGEIA-2017-464

GCVE-110-MAGEIA-2017-464
Advisory Published
Vulnetix · Advisory published December 22, 2017
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.(CVE-2017-12132, CVE-2017-12133). The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow (CVE-2017-15670). The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak) (CVE-2017-15671). The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator (CVE-2017-15804). As libtirpc is also affected by CVE-2017-12133, it's part of this update.

Affected Products

VendorProductVersionsPlatforms
Mageiaglibc0 (affected), 2.22-26.mga6 (unaffected)
Mageialibtirpc0 (affected), 1.0.1-5.1.mga6 (unaffected)

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›