Arjun Shankar

**Name of the Vulnerable Software and Affected Versions** glibc versions 2.24 through 2.26 **Description** The issue is related to the malloc implementation in the GNU C Library, which can lead to heap corruption due to improper handling of malloc calls with large arguments. This can cause a denial of service. The problem arises when the malloc function returns a pointer to a heap region that is smaller than requested, potentially leading to memory corruption. **Recommendations** For glibc versions 2.24 through 2.26, update to a version that properly handles malloc calls to prevent heap corruption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** glibc versions prior to 2.22 **Description** The issue is related to a buffer overflow in the gethostbyname r and other unspecified NSS functions in the GNU C Library. This allows context-dependent attackers to cause a denial of service or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. **Recommendations** For versions prior to 2.22, update to version 2.22 or later to resolve the issue. As a temporary workaround, consider restricting DNS responses to prevent the exploitation of the buffer overflow in the gethostbyname r function.