Published: 18/01/2019 Updated: 13/06/2020

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

The string component in the GNU C Library (aka glibc or libc6) up to and including 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu glibc

Debian Bug report logs - #920047 glibc: CVE-2016-10739: getaddrinfo should reject IP addresses with trailing characters Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 21 Jan 2019 20:54:04 UTC Severi ...

The string component in the GNU C Library (aka glibc or libc6) through 228, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multi ...

Critical Infrastructure Sectors: Critical Manufacturing

CWE-404 https://sourceware.org/bugzilla/show_bug.cgi?id=24097 http://www.securityfocus.com/bid/106671 https://security.gentoo.org/glsa/202006-04 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920047 https://nvd.nist.gov https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10

CVE-2019-6488

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect