%20--%3e%3csvg%20version='1.1'%20id='Layer_1'%20x='0px'%20y='0px'%20viewBox='0%200%20107.30001%20140.79999'%20xml:space='preserve'%20sodipodi:docname='mind_logo_positief.svg'%20width='107.30001'%20height='140.79999'%20xmlns:inkscape='http://www.inkscape.org/namespaces/inkscape'%20xmlns:sodipodi='http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:svg='http://www.w3.org/2000/svg'%3e%3cdefs%20id='defs29'%20/%3e%3csodipodi:namedview%20id='namedview29'%20pagecolor='%23505050'%20bordercolor='%23eeeeee'%20borderopacity='1'%20inkscape:showpageshadow='0'%20inkscape:pageopacity='0'%20inkscape:pagecheckerboard='0'%20inkscape:deskcolor='%23d1d1d1'%3e%3cinkscape:page%20x='0'%20y='0'%20width='107.30001'%20height='140.79999'%20id='page2'%20margin='0'%20bleed='0'%20/%3e%3c/sodipodi:namedview%3e%3cstyle%20type='text/css'%20id='style1'%3e%20.st0{fill:%231F1FA3;}%20.st1{fill:url(%23SVGID_1_);}%20.st2{fill:url(%23SVGID_00000033333245342322421190000001486717665348835473_);}%20.st3{fill:url(%23SVGID_00000075852413222229328580000001131059578544388517_);}%20%3c/style%3e%3cg%20id='g9'%20transform='translate(-21.299999,-20.6)'%3e%3clinearGradient%20id='SVGID_1_'%20gradientUnits='userSpaceOnUse'%20x1='4.8695998'%20y1='142.78'%20x2='99.248901'%20y2='35.348301'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop4'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop5'%20/%3e%3c/linearGradient%3e%3crect%20x='21.299999'%20y='64'%20class='st1'%20width='19.9'%20height='97.400002'%20id='rect5'%20style='fill:url(%23SVGID_1_)'%20/%3e%3clinearGradient%20id='SVGID_00000007421653842672228110000012418760815982452352_'%20gradientUnits='userSpaceOnUse'%20x1='23.7796'%20y1='159.3925'%20x2='118.1588'%20y2='51.9608'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop6'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop7'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000007421653842672228110000012418760815982452352_)'%20d='M%2072.3,64%20H%2064%20v%2075.2%20H%2085.1%20V%2076.8%20C%2085.1,69.7%2079.4,64%2072.3,64%20Z'%20id='path7'%20/%3e%3clinearGradient%20id='SVGID_00000072986549029232277750000008760038133176911550_'%20gradientUnits='userSpaceOnUse'%20x1='20.501699'%20y1='156.51289'%20x2='114.881'%20y2='49.0812'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop8'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop9'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000072986549029232277750000008760038133176911550_)'%20d='M%2073.6,20.6%20H%2064%20v%2019.9%20h%209.6%20c%2019.3,0%2035.1,15.7%2035.1,35.1%20v%2044.3%20h%2019.9%20V%2075.6%20c%200,-30.3%20-24.7,-55%20-55,-55%20z'%20id='path9'%20/%3e%3c/g%3e%3c/svg%3e)
Name
glibc
Version
2.43+git
Type
library
Description
GLIBC (GNU C Library)
Licenses
GPL-2.0-only & LGPL-2.1-or-later
PURL
-
CPE
cpe:2.3:*:gnu:glibc:2.43+git:*:*:*:*:*:*:*
Other Versions#
Patches#
#
Title
Author
Resolve
1
nativesdk-glibc: Fall back to faccessat on faccess2 returns
Khem Raj <raj.khem@gmail.com>
2
eglibc: Forward port cross locale generation support
Khem Raj <raj.khem@gmail.com>
3
eglibc: Cross building and testing instructions
Khem Raj <raj.khem@gmail.com>
4
tzselect.ksh: Use /bin/sh default shell interpreter
Khem Raj <raj.khem@gmail.com>
5
eglibc: Resolve __fpscr_values on SH4
Khem Raj <raj.khem@gmail.com>
6
localedef --add-to-archive uses a hard-coded locale path
Khem Raj <raj.khem@gmail.com>
7
eglibc: Help bootstrap cross toolchain
Khem Raj <raj.khem@gmail.com>
8
stdio-common: Fix buffer overflow in scanf %mc [BZ #34008]
Rocket Ma <marocketbd@gmail.com>
CVE-2026-5450
9
wordsize.h: Unify the header between arm and aarch64
Khem Raj <raj.khem@gmail.com>
10
nativesdk-glibc: Fix buffer overrun with a relocated SDK
Khem Raj <raj.khem@gmail.com>
11
nativesdk-glibc: Look for host system ld.so.cache as well
Khem Raj <raj.khem@gmail.com>
12
fix create thread failed in unprivileged process [BZ #28287]
Hongxu Jia <hongxu.jia@windriver.com>
13
tests: Skip 2 qemu tests that can hang in oe-selftest
Yash Shinde <Yash.Shinde@windriver.com>
14
Propagate -ffile-prefix-map from CFLAGS to ASFLAGS.
Khem Raj <raj.khem@gmail.com>
15
timezone: Make shell interpreter overridable in tzselect.ksh
Khem Raj <raj.khem@gmail.com>
16
Replace echo with printf builtin in nscd init script
Khem Raj <raj.khem@gmail.com>
17
localedef: Add hardlink resolver from util-linux
Jason Wessel <jason.wessel@windriver.com>
18
powerpc: Do not ask compiler for finding arch
Khem Raj <raj.khem@gmail.com>
19
localedef: fix-ups hardlink to make it compile
Jason Wessel <jason.wessel@windriver.com>
20
sysdeps/gnu/configure.ac: Set libc_cv_rootsbindir only if its
Khem Raj <raj.khem@gmail.com>
21
'yes' within the path sets wrong config variables
Khem Raj <raj.khem@gmail.com>
22
nativesdk-glibc: Raise the size of arrays containing dl paths
Khem Raj <raj.khem@gmail.com>
23
nativesdk-glibc: Make relocatable install for locales
Khem Raj <raj.khem@gmail.com>
Vulnerabilities#
Name
Analysis
Description
Exploitable
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.
These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.
Patched
Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.
Exploitable
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.
Exploitable
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.