Main Vulnerability Database Vulnerabilities #VU17377

#VU17377 Input validation error in Glibc - CVE-2019-7309

Published: February 5, 2019 / Updated: March 1, 2019

Vulnerability identifier: #VU17377

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-7309

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Glibc

Software vendor:
GNU

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) when the RDX most significant bit is mishandled. A local attacker can supply specially crafted input and cause the application to crash.

Remediation

Update to version 2.30, when available.

External links

https://sourceware.org/bugzilla/show_bug.cgi?id=24155
https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html

#VU17377 Input validation error in Glibc - CVE-2019-7309

Description

Remediation

External links

Please verify you're human