Vulnerability Description
In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.
CVSS Score
5.5
MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Glibc | <= 2.29 |
References
- http://www.securityfocus.com/bid/106835Third Party AdvisoryVDB Entry
- https://security.gentoo.org/glsa/202006-04
- https://sourceware.org/bugzilla/show_bug.cgi?id=24155ExploitIssue TrackingThird Party Advisory
- https://sourceware.org/ml/libc-alpha/2019-02/msg00041.htmlMailing ListThird Party Advisory
- http://www.securityfocus.com/bid/106835Third Party AdvisoryVDB Entry
- https://security.gentoo.org/glsa/202006-04
- https://sourceware.org/bugzilla/show_bug.cgi?id=24155ExploitIssue TrackingThird Party Advisory
- https://sourceware.org/ml/libc-alpha/2019-02/msg00041.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2019-7309?
CVE-2019-7309 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant...
How severe is CVE-2019-7309?
CVE-2019-7309 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-7309?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc.