🌐
Open Source Security Foundation
openssf.org › blog › 2024 › 02 › 05 › cve-2023-6246-root-access-vulnerability-in-glibc
CVE-2023-6246 Root Access Vulnerability in glibc – Open Source Security Foundation
The vulnerability is a heap-based buffer overflow vulnerability in a function that supports the widely used syslog(). Red Hat Product Security, glibc developers and glibc security team coordinated the vulnerability disclosure and successfully remediated the vulnerability on the Coordinated ...
🌐
TuxCare
tuxcare.com › home › guarding against a glibc vulnerability: a security guide
Guarding Against a glibc Vulnerability: A Security Guide
August 13, 2025 - It offers essential functions that programs need to work properly on your system. The glibc library has been around since 1992, and it’s maintained by the GNU project. A glibc vulnerability is a flaw or weakness in this library that can be exploited by malicious actors to compromise your system’s security.
🌐
Globus
globus.org › blog › glibc-vulnerability-action-required-linux-users
glibc vulnerability: Action required for Linux users
February 17, 2016 - On February 16, 2016 a new critical vulnerability CVE-2015-7547 - "glibc getaddrinfo() stack-based buffer overflow" was announced. We have reviewed the severity and impact to Globus services, partner services and users, and posted details of our findings in a new security bulletin.
🌐
GBHackers
gbhackers.com › home › gnu c(glibc) vulnerability let attackers execute arbitrary code on millions of linux systems
GNU C(glibc) Vulnerability Let Attackers Execute Arbitrary Code on Millions of Linux Systems
May 19, 2025 - However, this vulnerability creates a condition where even statically linked programs may incorrectly honor the LD_LIBRARY_PATH setting during dlopen operations. This behavior breaks the security boundary between privileged and unprivileged ...
🌐
Red Hat
access.redhat.com › security › cve › cve-2025-0395
cve-details
🌐
Snyk
security.snyk.io › snyk vulnerability database › linux › debian
glibc vulnerabilities
Security vulnerabilities and package health score for debian:11 package glibc
🌐
SentinelOne
sentinelone.com › home › vulnerability database › cve-2023-6246
CVE-2023-6246: GNU Glibc Buffer Overflow Vulnerability
February 11, 2026 - CVE-2023-6246 is a heap-based buffer overflow in GNU Glibc's __vsyslog_internal function that can cause crashes or privilege escalation. This article covers the technical details, affected versions, and mitigation.
🌐
University of Michigan Safecomputing
safecomputing.umich.edu › security-alerts › ghost-vulnerability-linux-glibc-library-cve-2015-0235
Ghost vulnerability in Linux glibc library (CVE-2015-0235) | safecomputing.umich.edu
January 27, 2015 - Attackers could remotely take complete control of the victim system and execute code without prior knowledge of system credentials. While active exploitation is not occurring, proof-of-concept code exists and will be released by the researchers who originally discovered the vulnerability.
🌐
SentinelOne
sentinelone.com › vulnerability-database › cve-2020-10029
CVE-2020-10029: GNU Glibc Buffer Overflow Vulnerability
March 4, 2026 - CVE-2020-10029 is a buffer overflow vulnerability in GNU Glibc. Learn about its impact, affected versions, and mitigation methods.
🌐
Qualys
blog.qualys.com › vulnerabilities-threat-research › 2023 › 10 › 03 › cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so
CVE-2023-4911: Local Privilege Escalation in glibc’s ld.so | Qualys
May 14, 2025 - We have successfully identified and exploited this vulnerability (a local privilege escalation that grants full root privileges) on the default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13.
🌐
Kaspersky
kaspersky.com › blog › cve-2023-6246-glibc-vulnerability › 50369
Glibc library vulnerability published | Kaspersky official blog
February 14, 2024 - The vulnerability has received the identifier CVE-2023-6246, and a score of 8.4 on the CVSS v3.1 scale. Despite the fact that the level of this threat is not critical – it’s just high – there’s a high probability of its exploitation in large-scale attacks since glibc is the main system library that’s used by almost all Linux programs.
🌐
Trend Micro
success.trendmicro.com › en-US › solution › KA-0006179
Trend Micro products and the GNU C Library (glibc) Vulnerability – [CVE-2015-7547]
On February 16, 2016, the maintainers of the GNU C Library (known as glibc, an open-source software library widely used in Linux systems) announced that they had released a fix for a vulnerability introduced in 2008 that allowed a buffer overflow to take place.
🌐
SentinelOne
sentinelone.com › vulnerability-database › cve-2020-29573
CVE-2020-29573: GNU Glibc Buffer Overflow Vulnerability
March 4, 2026 - CVE-2020-29573 is a stack-based buffer overflow in GNU Glibc affecting x86 systems before version 2.23. It impacts printf family functions with non-canonical long double values. This article covers technical details.
🌐
Cyber Press
cyberpress.org › home › critical glibc flaw puts millions of linux systems at risk of remote code execution
Critical glibc Flaw Puts Millions of Linux Systems at Risk of Remote Code Execution
May 19, 2025 - A critical vulnerability in the GNU C Library (glibc) has exposed millions of Linux systems to potential privilege escalation attacks, security researchers warned this week.
🌐
Rocky Linux
rockylinux.org › news › glibc-vulnerability-april-2024
GLIBC Vulnerability on Servers Serving PHP - Rocky Linux
April 22, 2024 - Last week, CVE-2024-2961 was announced. In brief, systems using glibc and serving php content could potentially be at risk. The vulnerability is related to the ISO-2022-CN-EXT character set.
🌐
Tufin
tufin.com › home › network security and cloud security blog › responding to glibc critical vulnerability
Responding to Glibc Critical Vulnerability | Tufin
September 25, 2025 - On February 16th a critical vulnerability in glibc, a widely used open source library that powers thousands of standalone applications and most distributions of Linux, was published by researchers from Google.
🌐
Reddit
reddit.com › r/linux › explanation of glibc vulnerability and the fix
r/linux on Reddit: Explanation of glibc vulnerability and the fix
February 19, 2016 - I did not read anywhere near the end of this but an interesting conversation I've seen is with Patrick V. (Slackware leader) and that he is thinking an old patch kept in glibc prevented Slackware from being vulnerable to this. The patch was also used by opensuse at some point.
🌐
GitHub
github.com › NishanthAnand21 › CVE-2023-4911-PoC
GitHub - NishanthAnand21/CVE-2023-4911-PoC: Repository containing a Proof of Concept (PoC) demonstrating the impact of CVE-2023-4911, a vulnerability in glibc's ld.so dynamic loader, exposing risks related to Looney Tunables. · GitHub
Repository containing a Proof of Concept (PoC) demonstrating the impact of CVE-2023-4911, a vulnerability in glibc's ld.so dynamic loader, exposing risks related to Looney Tunables.
Author: NishanthAnand21