SB2019020506 - Denial of service in GNU glibc
Published: February 5, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Input validation error (CVE-ID: CVE-2019-7309)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) when the RDX most significant bit is mishandled. A local attacker can supply specially crafted input and cause the application to crash.
Remediation
Install update from vendor's website.