Main Vulnerability Database Vulnerabilities #VU17377

Input validation error in Glibc - CVE-2019-7309

Published: February 5, 2019 / Updated: March 1, 2019

Vulnerability identifier: #VU17377

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-7309

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: GNU

Affected software:
Glibc

Detailed vulnerability description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) when the RDX most significant bit is mishandled. A local attacker can supply specially crafted input and cause the application to crash.

How to mitigate CVE-2019-7309

Update to version 2.30, when available.

Sources

https://sourceware.org/bugzilla/show_bug.cgi?id=24155
https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html

Input validation error in Glibc - CVE-2019-7309

Detailed vulnerability description

How to mitigate CVE-2019-7309

Sources

Please verify you're human