Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2019-14871

Published: 18/03/2020 Updated: 24/03/2020
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Subscribe to Newlib Project

Vulnerability Summary

The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions before 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

newlib project newlib

Mailing Lists

Full Disclosure: multiple NULL pointer dereference vulnerabilities in newlib
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> multiple NULL pointer dereference vulnerabilities in newlib <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Dimit ...

Github Repositories

https://github.com/keith-packard/picolibc-ci

test CI updates

Picolibc Copyright © 2018,2019 Keith Packard Picolibc is library offering standard C library APIs that targets small embedded systems with limited RAM Picolibc was formed by blending code from Newlib and AVR Libc License Picolibc source comes from a variety of places and has a huge variety of copyright holders and license texts While much of the code comes from Newlib,

https://github.com/ft/zephyr-picolibc

Zephyr: Picolibc Module

Picolibc Copyright © 2018-2023 Keith Packard Picolibc is library offering standard C library APIs that targets small embedded systems with limited RAM Picolibc was formed by blending code from Newlib and AVR Libc Build status: License Picolibc source comes from a variety of places and has a huge variety of copyright holders and license texts While much of the code

https://github.com/GaloisInc/picolibc

Fromager Picolibc This is the FROMAGER fork of picolibc, used when building C programs for the MicroRAM architecture Buildng mkdir build cd build /scripts/do-fromager-configure ninja install This will "install" LLVM bitcode files into build/image/picolibc/x86_64-unknown-fromager/lib/ When changing mesonbuild files or the bui

https://github.com/picolibc/picolibc

picolibc - a C library designed for embedded 32- and 64- bit systems.

Picolibc Copyright © 2018-2023 Keith Packard Picolibc is library offering standard C library APIs that targets small embedded systems with limited RAM Picolibc was formed by blending code from Newlib and AVR Libc Build status: License Picolibc source comes from a variety of places and has a huge variety of copyright holders and license texts While much of the code

References

CWE-476https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/https://nvd.nist.govhttps://github.com/keith-packard/picolibc-cihttp://seclists.org/oss-sec/2020/q1/51
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook