Gentoo Project

Base System

Security Bug Reports

• sys-libs/db: Berkeley DB reads DB_CONFIG from the current working directory

  638434 - Assigned to Gentoo Security
• sys-devel/patch: Double free allowing DoS in another_hunk (CVE-2019-20633)

  714750 - Assigned to Gentoo Security
• sys-devel/flex: Stack exhaustion in mark_beginning_as_normal causing denial of service (CVE-2019-6293)

  717714 - Assigned to Gentoo Security
• net-misc/wget: Authorisation header disclosure on redirect (CVE-2021-31879)

  786957 - Assigned to Gentoo Security
• sys-devel/patch: invalid free vulnerability

  829835 - Assigned to Gentoo Security
• dev-db/sqlite: record leakage

  833451 - Assigned to Gentoo Security
• <sys-apps/usbredir-0.12.0: use-after-free

  834010 - Assigned to Gentoo Security
• <sys-fs/fuse-exfat-1.4.0: deleted file information leak

  842213 - Assigned to Gentoo Security
• <dev-libs/libpcre2-10.40: multiple vulnerabilities

  845195 - Assigned to Gentoo Security
• <app-admin/logrotate-3.20.0: Unprivileged DoS via state file

  847382 - Assigned to Gentoo Security
• app-crypt/gnupg: denial of service issue (resource consumption) using compressed packets

  861446 - Assigned to Gentoo Security
• dev-lang/yasm: multiple vulnerabilities

  862112 - Assigned to Gentoo Security
• app-arch/unzip: null pointer dereference

  866386 - Assigned to Gentoo Security
• sys-apps/man2html: multiple vulnerabilities

  869413 - Assigned to Gentoo Security
• <app-misc/ca-certificates-20211016.3.86: TrustCor removal

  884805 - Assigned to Gentoo Security
• <app-shells/bash-5.2_p15-r2: heap buffer overflow yielding "memory problems"

  889878 - Assigned to Gentoo Security
• <dev-util/pkgconf-1.8.1: Billion Laughs vulnerability

  891647 - Assigned to Gentoo Security
• <sys-libs/ncurses-6.4_p20230408, <sys-libs/ncurses-compat-6.4_p20240330: Multiple vulnerabilities

  904247 - Assigned to Gentoo Security
• <sys-apps/shadow-4.13-r3: passwd file manipulation via chfn

  904518 - Assigned to Gentoo Security
• <sys-libs/libcap-2.69: Multiple vulnerabilities

  906461 - Assigned to Gentoo Security
• <sys-apps/shadow-4.13-r4: possible password leak during passwd(1) change

  908613 - Assigned to Gentoo Security
• <sys-process/procps-4.0.4: ps buffer overflow

  913408 - Assigned to Gentoo Security
• <sys-boot/grub-2.06-r9: Multiple vulnerabilities

  915131 - Assigned to Gentoo Security
• <net-libs/libtirpc-1.3.4: Multiple vulnerabilities

  915404 - Assigned to Gentoo Security
• <sys-fs/exfatprogs-1.2.2: OOB read

  916507 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.0.13, 3.1.5, 3.2.1}: multiple vulnerabilities

  921684 - Assigned to Gentoo Security
• <sys-apps/coreutils-9.4-r1: split heap buffer overflow vulnerability

  922474 - Assigned to Gentoo Security
• <sys-apps/util-linux-2.39.3-r6[tty-helpers]: wall escape sequence issues

  927980 - Assigned to Gentoo Security
• <sys-apps/coreutils-9.5: chmod -R TOCTOU vulnerability

  928062 - Assigned to Gentoo Security
• <sys-apps/less-643-r2: LESSOPEN handling is unsafe on untrusted names, arbitrary code execution

  929210 - Assigned to Gentoo Security
• <net-misc/wget-1.24.5: cookie leakage with HSTS and subdomains

  930041 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.0.13-r1, 3.1.5-r2, 3.2.1-r2}: Unbounded memory growth with session handling in TLSv1.3

  930047 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.0.14, 3.1.6, 3.2.2}: Checking excessively long DSA keys or parameters may be very slow

  932317 - Assigned to Gentoo Security
• <net-misc/curl-8.9.1: ASN.1 date parser overread

  937125 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.0.15, 3.1.7, 3.2.3, 3.3.2}: denial of service

  939110 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.0.15-r1, 3.1.7-r1, 3.2.3-r1, 3.3.2-r1}: Low-level invalid GF(2^m) parameters lead to OOB memory access

  941643 - Assigned to Gentoo Security
• <net-misc/curl-8.11.0: HSTS subdomain overwrites parent cache entry

  942952 - Assigned to Gentoo Security
• <net-misc/wget-1.25.0: Vulnerability with shorthand FTP URLs

  943275 - Assigned to Gentoo Security
• <net-misc/curl-8.11.1: netrc and redirect credential leak

  946291 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.1.8, 3.2.4, 3.3.3}: Timing side-channel in ECDSA signature computation

  948515 - Assigned to Gentoo Security
• <net-misc/curl-8.12.0: multiple vulnerabilities

  949330 - Assigned to Gentoo Security
• <net-misc/curl-8.13.0: Lack of validation with missing known_hosts for SCP and SFTP

  949342 - Assigned to Gentoo Security
• <dev-libs/libtasn1-4.20.0: Denial of service

  949497 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.1.8, 3.2.4, 3.3.3}: RFC7250 handshakes with unauthenticated servers don't abort as expected

  949620 - Assigned to Gentoo Security
• <net-misc/openssh-9.9_p2: Multiple vulnerabilities

  949904 - Assigned to Gentoo Security
• sys-boot/grub: Multiple vulnerabilities

  950250 - Assigned to Gentoo Security
• <dev-libs/libxslt-1.1.43: Multiple vulnerabilities

  951265 - Assigned to Gentoo Security
• <sys-libs/libcap-2.76: Possible privilege escalation with "@"-prefixed groups

  951333 - Assigned to Gentoo Security
• <sys-process/atop-2.11.1: heap corruption

  952921 - Assigned to Gentoo Security
• <net-misc/openssh-10.0_p1: DisableForwarding doesn't have documented effect

  953746 - Assigned to Gentoo Security
• <net-dns/c-ares-1.34.5: Use after free in read_answers()

  953870 - Assigned to Gentoo Security
• <dev-db/sqlite-3.49.2: Crash via malicious CREATE TABLE statements

  955819 - Assigned to Gentoo Security
• sys-apps/coreutils: Buffer overflow in sort

  956995 - Assigned to Gentoo Security
• <net-misc/iputils-20250605: Multiple vulnerabilities

  957594 - Assigned to Gentoo Security
• <sys-process/procps-4.0.5-r1: Vulnerability with legacy configuration files in top

  958286 - Assigned to Gentoo Security
• <sys-libs/pam-1.7.1: Multiple vulnerabilities

  958320 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.4.2, 3.5.1}: x509 tool has buggy -addreject option

  959654 - Assigned to Gentoo Security
• <net-libs/gnutls-3.8.10: Multiple vulnerabilities

  959840 - Assigned to Gentoo Security
• <dev-db/sqlite-3.50.3: Possible memory safety issue

  960691 - Assigned to Gentoo Security
• <net-misc/curl-8.16.0: multiple vulnerabilities

  962682 - Assigned to Gentoo Security
• <dev-libs/libxml2-2.13.9: Multiple vulnerabilities

  962684 - Assigned to Gentoo Security
• <dev-libs/libpcre2-10.46: Out-of-bounds read with attacker-controlled regex pattern

  962686 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.0.18, 3.2.6, 3.3.5, 3.4.3, 3.5.4}: Multiple vulnerabilities

  963644 - Assigned to Gentoo Security
• <net-misc/openssh-10.1_p1: Control characters allowed on command line / via configuration

  963869 - Assigned to Gentoo Security