Siddhesh Poyarekar

**Name of the Vulnerable Software and Affected Versions** GNU C Library versions 2.35 through 2.36 **Description** The issue relates to a potential crash in the `nscd` client when calling Name Service Switch (NSS)-backed functions that support caching via `nscd` under high load on x86 64 systems. The `nscd` client in the GNU C Library uses the `memcmp` function with inputs that may be concurrently modified by another thread. An optimized implementation of `memcmp` introduced in the GNU C Library version 2.36 for x86 64 could crash when invoked with such undefined behavior, leading to a potential crash of the `nscd` client and the application using it. This implementation was backported to the 2.35 branch, making it vulnerable as well. The issue stems from the use of the `memcmp` function on concurrently modified data, which can lead to spurious cache misses or, in the case of the optimized implementation, a crash. **Recommendations** Apply the fix to avoid the potential crash in the `nscd` client for versions 2.35 through 2.36. If you have cherry-picked the memcpy SSE2 optimization in your copy of the GNU C Library, also apply the fix.

**Name of the Vulnerable Software and Affected Versions** glibc (affected versions not specified) **Description** A flaw was found in glibc, where the `getaddrinfo` function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the ` nss * gethostbyname2 r` and ` nss * getcanonname r` hooks without implementing the ` nss * gethostbyname3 r` hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the `getaddrinfo` function should have the `AF INET6` address family with `AI CANONNAME`, `AI ALL`, and `AI V4MAPPED` as flags. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** glibc (affected versions not specified) **Description** A flaw was found in the realpath() function of glibc, which can mistakenly return an unexpected value. This issue is related to memory release errors and can potentially lead to information leakage and disclosure of sensitive data. Exploitation of this flaw may allow a remote attacker to access confidential information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU C Library versions 2.29 through 2.33 **Description** The nameserver caching daemon (nscd) in the GNU C Library, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This issue is related to the `netgroupcache.c` component. **Recommendations** For GNU C Library versions 2.29 through 2.33, consider disabling the `netgroupcache.c` component or restricting its use until a patch is available to prevent potential Denial of Service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** glibc (affected versions not specified) **Description** A flaw was found in glibc, specifically an off-by-one buffer overflow and underflow in the `getcwd()` function, which may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to `getcwd()` in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU C Library (aka glibc or libc6) versions 2.18 and earlier **Description** The issue is a stack-based buffer overflow in the `getaddrinfo` function, which can be triggered by a hostname or IP address that results in a large number of AF INET6 address results, allowing remote attackers to cause a denial of service (crash). This problem exists due to an incomplete fix for a previous issue. **Recommendations** For GNU C Library (aka glibc or libc6) versions 2.18 and earlier, consider updating to a version that includes a complete fix for this issue. As a temporary workaround, restrict the use of the `getaddrinfo` function to minimize the risk of exploitation. Avoid using hostnames or IP addresses that may trigger a large number of AF INET6 address results until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** glibc versions prior to 2.16 **Description** The issue allows context-dependent attackers to cause a denial of service, specifically an out-of-bounds read, when converting IBM930 encoded data to UTF-8 using the iconv function. This occurs when a multibyte character value of `0xffff` is provided. **Recommendations** For versions prior to 2.16, update to version 2.16 or later to resolve the issue. As a temporary workaround, consider restricting the input to the iconv function to prevent the use of the `0xffff` multibyte character value.