Vulnerabilities > CVE-2019-7309 - Unspecified vulnerability in GNU Glibc

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

gnu

NVD

Published: 2019-02-03

Updated: 2020-08-24

Summary

In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Glibc 2.12 GNU Glibc 2.17 GNU Glibc 2.18 GNU Glibc 2.20 GNU Glibc 2.22 GNU Glibc 2.23 GNU Glibc 2.26 GNU Glibc 2.27 GNU Glibc 2.28 GNU Glibc 2.29	10

References

https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html
https://sourceware.org/bugzilla/show_bug.cgi?id=24155
http://www.securityfocus.com/bid/106835
https://security.gentoo.org/glsa/202006-04