Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Уязвимость функций getnetbyaddr() и getnetbyaddr_r() системной библиотеки GNU C Library, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Moderate: glibc security update

ELSA-2026-50078: glibc security update (MODERATE)

ELSA-2026-1334: glibc security update (MODERATE)