Known Vulnerabilities for products from Uclibc
Listed below are 6 of the newest known vulnerabilities associated with the vendor "Uclibc".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-30295 json | uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning... | 6.5 - MEDIUM | 2022-05-06 | 2023-08-08 |
| CVE-2022-29503 json | A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40... | 9.8 - CRITICAL | 2022-09-29 | 2023-06-28 |
| CVE-2021-43523 json | In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via g... | 9.6 - CRITICAL | 2021-11-10 | 2021-11-15 |
| CVE-2017-9729 json | In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/re... | 7.5 - HIGH | 2017-06-16 | 2019-10-03 |
| CVE-2017-9728 json | In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a craft... | 9.8 - CRITICAL | 2017-06-16 | 2017-06-22 |
| CVE-2016-6264 json | Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers... | Not Provided | 2017-01-27 | 2025-04-20 |
Known software with vulnerabilities from Uclibc
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Uclibc | Uclibc | 0.9.33.2 |