Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GNU C Library 缓冲区溢出漏洞
Vulnerability Description
GNU C Library(又名glibc,libc6)是一种按照LGPL许可协议发布的开源免费的C语言编译程序。 GNU C Library 2.20及之前版本的stdio-common/vfscanf.c文件中的ADDW宏中存在安全漏洞,该漏洞源于程序执行‘alloca’函数使用方法的风险管理决策时,没有正确考虑data-type字段的大小。远程攻击者可借助超长的带有宽字符的输入数据利用该漏洞造成拒绝服务(段错误),或覆盖内存位置。
CVSS Information
N/A
Vulnerability Type
N/A