Vulnerabilities for 'Uclibc'

2021-11-10
 
CVE-2021-43523

CWE-79
 

 
In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution, XSS, application crashes, etc.). In other words, a validation step, which is expected in any stub resolver, does not occur.

 
2017-06-16
 
CVE-2017-9729

CWE-674
 

 
In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression.

 
 
CVE-2017-9728

 

 
In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression.

 


Copyright 2024, cxsecurity.com

 
