{"id":"USN-4954-1","summary":"glibc vulnerabilities","details":"Jason Royes and Samuel Dytrych discovered that the memcpy()\nimplementation for 32 bit ARM processors in the GNU C Library contained\nan integer underflow vulnerability. An attacker could possibly use\nthis to cause a denial of service (application crash) or execute\narbitrary code. (CVE-2020-6096)\n\nIt was discovered that the POSIX regex implementation in the GNU C\nLibrary did not properly parse alternatives. An attacker could use this\nto cause a denial of service. (CVE-2009-5155)\n","modified":"2026-02-10T04:42:12Z","published":"2021-05-14T00:19:34Z","related":["UBUNTU-CVE-2009-5155","UBUNTU-CVE-2020-6096"],"upstream":["CVE-2009-5155","CVE-2020-6096","UBUNTU-CVE-2009-5155","UBUNTU-CVE-2020-6096"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4954-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2009-5155"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-6096"}],"affected":[{"package":{"name":"glibc","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/glibc@2.23-0ubuntu11.3?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.23-0ubuntu11.3"}]}],"versions":["2.21-0ubuntu4","2.21-0ubuntu5","2.21-0ubuntu6","2.23-0ubuntu1","2.23-0ubuntu2","2.23-0ubuntu3","2.23-0ubuntu4","2.23-0ubuntu5","2.23-0ubuntu6","2.23-0ubuntu7","2.23-0ubuntu9","2.23-0ubuntu10","2.23-0ubuntu11","2.23-0ubuntu11.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.23-0ubuntu11.3","binary_name":"glibc-source"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"libc-bin"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"libc-dev-bin"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"libc6"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"libc6-amd64"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"libc6-armel"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"libc6-dev"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"libc6-dev-amd64"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"libc6-dev-armel"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"libc6-dev-i386"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"libc6-dev-ppc64"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"libc6-dev-s390"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"libc6-dev-x32"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"libc6-i386"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"libc6-pic"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"libc6-ppc64"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"libc6-s390"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"libc6-x32"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"locales"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"locales-all"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"multiarch-support"},{"binary_version":"2.23-0ubuntu11.3","binary_name":"nscd"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4954-1.json","cves_map":{"cves":[{"id":"CVE-2009-5155","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2020-6096","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]}],"ecosystem":"Ubuntu:16.04:LTS"}}}],"schema_version":"1.7.3"}