Joseph Myers

**Name of the Vulnerable Software and Affected Versions** glibc versions prior to 2.23 **Description** The issue is related to multiple stack-based buffer overflows in the GNU C Library. This can be exploited by context-dependent attackers to cause a denial of service, such as an application crash, or possibly execute arbitrary code. The overflows occur when a long argument is passed to certain functions, including the `nan`, `nanf`, or `nanl` functions. **Recommendations** For versions prior to 2.23, update to version 2.23 or later to resolve the issue. As a temporary workaround, consider restricting the input to the `nan`, `nanf`, and `nanl` functions to prevent long arguments from being passed.

**Name of the Vulnerable Software and Affected Versions** GNU C Library (aka glibc or libc6) versions prior to 2.22 **Description** The issue is related to an integer overflow in the ` IO wstr overflow` function, which can lead to a denial of service (application crash) or possibly allow execution of arbitrary code. This is triggered by computing a size in bytes, resulting in a heap-based buffer overflow. **Recommendations** For versions prior to 2.22, update to version 2.22 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ` IO wstr overflow` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU C Library (aka glibc or libc6) versions prior to 2.21 **Description** The issue allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. This occurs due to the ADDW macro in stdio-common/vfscanf.c not properly considering data-type size during memory allocation. **Recommendations** For GNU C Library (aka glibc or libc6) versions prior to 2.21, update to version 2.21 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GNU C Library versions prior to 2.21 **Description** The issue is related to the ADDW macro in stdio-common/vfscanf.c, which does not properly consider data-type size during a risk-management decision for use of the alloca function. This might allow attackers to cause a denial of service or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. **Recommendations** For GNU C Library versions prior to 2.21, update to version 2.21 or later to resolve the issue.