[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-USN-2985-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":58,"duplicates":59,"related":60,"reserved_at":9,"published_at":72,"modified_at":73,"state":9,"summary":74,"references_raw":76,"kevs":128,"epss":9,"epss_history":129,"metrics":130,"affected":131},"USN-2985-1","eglibc, glibc vulnerabilities\n\nMartin Carpenter discovered that pt_chown in the GNU C Library did not\nproperly check permissions for tty files. A local attacker could use this\nto gain administrative privileges or expose sensitive information.\n(CVE-2013-2207, CVE-2016-2856)\n\nRobin Hack discovered that the Name Service Switch (NSS) implementation in\nthe GNU C Library did not properly manage its file descriptors. An attacker\ncould use this to cause a denial of service (infinite loop).\n(CVE-2014-8121)\n\nJoseph Myers discovered that the GNU C Library did not properly handle long\narguments to functions returning a representation of Not a Number (NaN). An\nattacker could use this to cause a denial of service (stack exhaustion\nleading to an application crash) or possibly execute arbitrary code.\n(CVE-2014-9761)\n\nArjun Shankar discovered that in certain situations the nss_dns code in the\nGNU C Library did not properly account buffer sizes when passed an\nunaligned buffer. An attacker could use this to cause a denial of service\nor possibly execute arbitrary code. (CVE-2015-1781)\n\nSumit Bose and Lukas Slebodnik discovered that the Name Service\nSwitch (NSS) implementation in the GNU C Library did not handle long\nlines in the files databases correctly. A local attacker could use\nthis to cause a denial of service (application crash) or possibly\nexecute arbitrary code. (CVE-2015-5277)\n\nAdam Nielsen discovered that the strftime function in the GNU C Library did\nnot properly handle out-of-range argument data. An attacker could use this\nto cause a denial of service (application crash) or possibly expose\nsensitive information. (CVE-2015-8776)\n\nHector Marco and Ismael Ripoll discovered that the GNU C Library allowed\nthe pointer-guarding protection mechanism to be disabled by honoring the\nLD_POINTER_GUARD environment variable across privilege boundaries. A local\nattacker could use this to exploit an existing vulnerability more easily.\n(CVE-2015-8777)\n\nSzabolcs Nagy discovered that the hcreate functions in the GNU C Library\ndid not properly check its size argument, leading to an integer overflow.\nAn attacker could use to cause a denial of service (application crash) or\npossibly execute arbitrary code. (CVE-2015-8778)\n\nMaksymilian Arciemowicz discovered a stack-based buffer overflow in the\ncatopen function in the GNU C Library when handling long catalog names. An\nattacker could use this to cause a denial of service (application crash) or\npossibly execute arbitrary code. (CVE-2015-8779)\n\nFlorian Weimer discovered that the getnetbyname implementation in the GNU C\nLibrary did not properly handle long names passed as arguments. An attacker\ncould use to cause a denial of service (stack exhaustion leading to an\napplication crash). (CVE-2016-3075)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56],{"_key":15},"CVE-2013-2207",{"_key":17},"CVE-2014-8121",{"_key":19},"CVE-2014-9761",{"_key":21},"CVE-2015-1781",{"_key":23},"CVE-2015-5277",{"_key":25},"CVE-2015-8776",{"_key":27},"CVE-2015-8777",{"_key":29},"CVE-2015-8778",{"_key":31},"CVE-2015-8779",{"_key":33},"CVE-2016-2856",{"_key":35},"CVE-2016-3075",{"_key":37},"UBUNTU-CVE-2013-2207",{"_key":39},"UBUNTU-CVE-2014-8121",{"_key":41},"UBUNTU-CVE-2014-9761",{"_key":43},"UBUNTU-CVE-2015-1781",{"_key":45},"UBUNTU-CVE-2015-5277",{"_key":47},"UBUNTU-CVE-2015-8776",{"_key":49},"UBUNTU-CVE-2015-8777",{"_key":51},"UBUNTU-CVE-2015-8778",{"_key":53},"UBUNTU-CVE-2015-8779",{"_key":55},"UBUNTU-CVE-2016-2856",{"_key":57},"UBUNTU-CVE-2016-3075",[],[],[61,62,63,64,65,66,67,68,69,70,71],{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},"2016-05-25T20:22:47Z","2026-04-27T15:17:30.767227083Z",{"cisa_kev":75,"cisa_ransomware":75,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[77,83,88,92,96,100,104,108,112,116,120,124],{"url":78,"sources":79,"tags":81},"https://ubuntu.com/security/notices/USN-2985-1",[80],"osv_ubuntu",[82],"Advisory",{"url":84,"sources":85,"tags":86},"https://ubuntu.com/security/CVE-2013-2207",[80],[87],"REPORT",{"url":89,"sources":90,"tags":91},"https://ubuntu.com/security/CVE-2014-8121",[80],[87],{"url":93,"sources":94,"tags":95},"https://ubuntu.com/security/CVE-2014-9761",[80],[87],{"url":97,"sources":98,"tags":99},"https://ubuntu.com/security/CVE-2015-1781",[80],[87],{"url":101,"sources":102,"tags":103},"https://ubuntu.com/security/CVE-2015-5277",[80],[87],{"url":105,"sources":106,"tags":107},"https://ubuntu.com/security/CVE-2015-8776",[80],[87],{"url":109,"sources":110,"tags":111},"https://ubuntu.com/security/CVE-2015-8777",[80],[87],{"url":113,"sources":114,"tags":115},"https://ubuntu.com/security/CVE-2015-8778",[80],[87],{"url":117,"sources":118,"tags":119},"https://ubuntu.com/security/CVE-2015-8779",[80],[87],{"url":121,"sources":122,"tags":123},"https://ubuntu.com/security/CVE-2016-2856",[80],[87],{"url":125,"sources":126,"tags":127},"https://ubuntu.com/security/CVE-2016-3075",[80],[87],[],[],[],[132],{"ecosystem":133,"name":134,"vendor":135,"product":134,"cpe_part":9,"purl_type":136,"purl_namespace":135,"purl_name":134,"source":9,"versions":137},"Ubuntu","eglibc","ubuntu","deb",[138],{"version":139,"is_range":140,"range_type":141,"version_start":9,"version_start_type":9,"version_end":142,"version_end_type":143,"fixed_in":9},"lt2_19_0ubuntu6_8",true,"ecosystem","2.19-0ubuntu6.8","excluding"]