Published: 03/02/2019 Updated: 24/08/2020

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

In the GNU C Library (aka glibc or libc6) up to and including 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu glibc

Debian Bug report logs - #920047 glibc: CVE-2016-10739: getaddrinfo should reject IP addresses with trailing characters Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 21 Jan 2019 20:54:04 UTC Severi ...

In the GNU C Library (aka glibc or libc6) through 229, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled ...

Critical Infrastructure Sectors: Critical Manufacturing

NVD-CWE-noinfo https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html https://sourceware.org/bugzilla/show_bug.cgi?id=24155 http://www.securityfocus.com/bid/106835 https://security.gentoo.org/glsa/202006-04 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920047 https://nvd.nist.gov https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10

CVE-2019-7309

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect