Gentoo Project

Base System

Security Bug Reports

• sys-libs/db: Berkeley DB reads DB_CONFIG from the current working directory

  638434 - Assigned to Gentoo Security
• sys-devel/patch: Double free allowing DoS in another_hunk (CVE-2019-20633)

  714750 - Assigned to Gentoo Security
• sys-devel/flex: Stack exhaustion in mark_beginning_as_normal causing denial of service (CVE-2019-6293)

  717714 - Assigned to Gentoo Security
• net-misc/wget: Authorisation header disclosure on redirect (CVE-2021-31879)

  786957 - Assigned to Gentoo Security
• sys-devel/patch: invalid free vulnerability

  829835 - Assigned to Gentoo Security
• dev-db/sqlite: record leakage

  833451 - Assigned to Gentoo Security
• <sys-apps/usbredir-0.12.0: use-after-free

  834010 - Assigned to Gentoo Security
• <sys-fs/fuse-exfat-1.4.0: deleted file information leak

  842213 - Assigned to Gentoo Security
• <dev-libs/libpcre2-10.40: multiple vulnerabilities

  845195 - Assigned to Gentoo Security
• <app-admin/logrotate-3.20.0: Unprivileged DoS via state file

  847382 - Assigned to Gentoo Security
• <app-crypt/gnupg-{2.4.9, 2.5.10}: denial of service issue (resource consumption) using compressed packets

  861446 - Assigned to Gentoo Security
• dev-lang/yasm: multiple vulnerabilities

  862112 - Assigned to Gentoo Security
• app-arch/unzip: null pointer dereference

  866386 - Assigned to Gentoo Security
• sys-apps/man2html: multiple vulnerabilities

  869413 - Assigned to Gentoo Security
• <app-misc/ca-certificates-20211016.3.86: TrustCor removal

  884805 - Assigned to Gentoo Security
• <app-shells/bash-5.2_p15-r2: heap buffer overflow yielding "memory problems"

  889878 - Assigned to Gentoo Security
• <dev-util/pkgconf-1.8.1: Billion Laughs vulnerability

  891647 - Assigned to Gentoo Security
• <sys-libs/ncurses-6.4_p20230408, <sys-libs/ncurses-compat-6.4_p20240330: Multiple vulnerabilities

  904247 - Assigned to Gentoo Security
• <sys-apps/shadow-4.13-r3: passwd file manipulation via chfn

  904518 - Assigned to Gentoo Security
• <sys-libs/libcap-2.69: Multiple vulnerabilities

  906461 - Assigned to Gentoo Security
• <sys-apps/shadow-4.13-r4: possible password leak during passwd(1) change

  908613 - Assigned to Gentoo Security
• <sys-process/procps-4.0.4: ps buffer overflow

  913408 - Assigned to Gentoo Security
• <sys-boot/grub-2.06-r9: Multiple vulnerabilities

  915131 - Assigned to Gentoo Security
• <net-libs/libtirpc-1.3.4: Multiple vulnerabilities

  915404 - Assigned to Gentoo Security
• <sys-fs/exfatprogs-1.2.2: OOB read

  916507 - Assigned to Gentoo Security
• <sys-apps/coreutils-9.4-r1: split heap buffer overflow vulnerability

  922474 - Assigned to Gentoo Security
• <sys-apps/util-linux-2.39.3-r6[tty-helpers]: wall escape sequence issues

  927980 - Assigned to Gentoo Security
• <sys-apps/coreutils-9.5: chmod -R TOCTOU vulnerability

  928062 - Assigned to Gentoo Security
• <sys-apps/less-643-r2: LESSOPEN handling is unsafe on untrusted names, arbitrary code execution

  929210 - Assigned to Gentoo Security
• <net-misc/wget-1.24.5: cookie leakage with HSTS and subdomains

  930041 - Assigned to Gentoo Security
• <net-misc/curl-8.9.1: ASN.1 date parser overread

  937125 - Assigned to Gentoo Security
• <net-misc/curl-8.11.0: HSTS subdomain overwrites parent cache entry

  942952 - Assigned to Gentoo Security
• <net-misc/wget-1.25.0: Vulnerability with shorthand FTP URLs

  943275 - Assigned to Gentoo Security
• <net-misc/curl-8.11.1: netrc and redirect credential leak

  946291 - Assigned to Gentoo Security
• <net-misc/curl-8.12.0: multiple vulnerabilities

  949330 - Assigned to Gentoo Security
• <net-misc/curl-8.13.0: Lack of validation with missing known_hosts for SCP and SFTP

  949342 - Assigned to Gentoo Security
• <dev-libs/libtasn1-4.20.0: Denial of service

  949497 - Assigned to Gentoo Security
• <net-misc/openssh-9.9_p2: Multiple vulnerabilities

  949904 - Assigned to Gentoo Security
• sys-boot/grub: Multiple vulnerabilities

  950250 - Assigned to Gentoo Security
• <dev-libs/libxslt-1.1.43: Multiple vulnerabilities

  951265 - Assigned to Gentoo Security
• <sys-libs/libcap-2.76: Possible privilege escalation with "@"-prefixed groups

  951333 - Assigned to Gentoo Security
• <sys-process/atop-2.11.1: heap corruption

  952921 - Assigned to Gentoo Security
• <net-misc/openssh-10.0_p1: DisableForwarding doesn't have documented effect

  953746 - Assigned to Gentoo Security
• <net-dns/c-ares-1.34.5: Use after free in read_answers()

  953870 - Assigned to Gentoo Security
• <dev-db/sqlite-3.49.2: Crash via malicious CREATE TABLE statements

  955819 - Assigned to Gentoo Security
• sys-apps/coreutils: Buffer overflow in sort

  956995 - Assigned to Gentoo Security
• <net-misc/iputils-20250605: Multiple vulnerabilities

  957594 - Assigned to Gentoo Security
• <sys-process/procps-4.0.5-r1: Vulnerability with legacy configuration files in top

  958286 - Assigned to Gentoo Security
• <sys-libs/pam-1.7.1: Multiple vulnerabilities

  958320 - Assigned to Gentoo Security
• <net-libs/gnutls-3.8.10: Multiple vulnerabilities

  959840 - Assigned to Gentoo Security
• <dev-db/sqlite-3.50.3: Possible memory safety issue

  960691 - Assigned to Gentoo Security
• <net-misc/curl-8.16.0: multiple vulnerabilities

  962682 - Assigned to Gentoo Security
• <dev-libs/libxml2-2.13.9: Multiple vulnerabilities

  962684 - Assigned to Gentoo Security
• <dev-libs/libpcre2-10.46: Out-of-bounds read with attacker-controlled regex pattern

  962686 - Assigned to Gentoo Security
• <net-misc/openssh-10.1_p1: Control characters allowed on command line / via configuration

  963869 - Assigned to Gentoo Security
• <dev-libs/libxslt-1.1.43-r2: Type confusion in exsltFuncResultComp

  964753 - Assigned to Gentoo Security
• <net-misc/curl-8.17.0-r1: wcurl path traversal with percent-encoded slashes

  966140 - Assigned to Gentoo Security
• sys-boot/grub: multiple vulnerabilities

  966254 - Assigned to Gentoo Security
• <net-libs/gnutls-3.8.11: Stack overwrite in gnutls_pkcs11_token_init

  966282 - Assigned to Gentoo Security
• <media-libs/libpng-1.6.51: four buffer overflow vulnerabilities

  966340 - Assigned to Gentoo Security
• <dev-libs/libxslt-1.1.45: Multiple vulnerabilities

  966901 - Assigned to Gentoo Security
• <media-libs/libpng-1.6.52: out-of-bounds read in `png_image_read_composite`

  967052 - Assigned to Gentoo Security
• <net-dns/c-ares-1.34.6: Use-after-free bug in read_answers()

  967359 - Assigned to Gentoo Security
• <sys-apps/util-linux-2.41.3: Buffer overflow in setpwnam

  967612 - Assigned to Gentoo Security
• net-misc/rsync: Out-of-bounds read

  967677 - Assigned to Gentoo Security
• <app-crypt/gnupg-{2.4.9, 2.5.14}, <app-crypt/freepg-2.5.16: Memory corruption in armor parser

  967884 - Assigned to Gentoo Security
• <app-crypt/gnupg-2.5.16, <app-crypt/freepg-2.5.16: Cleartext Signature Forgery in the NotDashEscaped header

  968171 - Assigned to Gentoo Security
• <dev-libs/libtasn1-4.21.0: stack-based buffer overflow

  968531 - Assigned to Gentoo Security
• media-libs/libpng: multiple vulnerabilities

  968671 - Assigned to Gentoo Security