Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
2016-04-19T21:59:00.113
2025-04-12T10:46:40.837
Deferred
CVSSv3.0: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | suse | linux_enterprise_debuginfo | 11.0 | Yes |
| Application | suse | linux_enterprise_debuginfo | 11.0 | Yes |
| Application | suse | linux_enterprise_debuginfo | 11.0 | Yes |
| Operating System | opensuse | opensuse | 13.2 | Yes |
| Operating System | suse | linux_enterprise_desktop | 11.0 | Yes |
| Operating System | suse | linux_enterprise_desktop | 11.0 | Yes |
| Operating System | suse | linux_enterprise_desktop | 12 | Yes |
| Operating System | suse | linux_enterprise_desktop | 12 | Yes |
| Operating System | suse | linux_enterprise_server | 11.0 | Yes |
| Operating System | suse | linux_enterprise_server | 11.0 | Yes |
| Operating System | suse | linux_enterprise_server | 11.0 | Yes |
| Operating System | suse | linux_enterprise_server | 11.0 | Yes |
| Operating System | suse | linux_enterprise_server | 12 | Yes |
| Operating System | suse | linux_enterprise_software_development_kit | 11.0 | Yes |
| Operating System | suse | linux_enterprise_software_development_kit | 11.0 | Yes |
| Operating System | suse | linux_enterprise_software_development_kit | 12 | Yes |
| Operating System | suse | linux_enterprise_software_development_kit | 12 | Yes |
| Operating System | suse | suse_linux_enterprise_server | 12 | Yes |
| Operating System | fedoraproject | fedora | 23 | Yes |
| Application | gnu | glibc | ≤ 2.22 | Yes |
| Operating System | canonical | ubuntu_linux | 12.04 | Yes |
| Operating System | canonical | ubuntu_linux | 14.04 | Yes |
| Operating System | canonical | ubuntu_linux | 15.10 | Yes |