Out-of-Bounds

Affecting glibc package, versions *

Overview

In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

References

CVSS Score

5.5 (low severity)
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE: CVE-2019-7309
Snyk ID: SNYK-UBUNTU1604-GLIBC-336255
Disclosed: 03 Feb, 2019
Published: 03 Feb, 2019