CVE-2020-29573 — HIGH (7.5)

Q: How severe is CVE-2020-29573?

CVE-2020-29573 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-29573?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc, Redhat Enterprise Linux, Netapp Cloud Backup, Netapp Solidfire Baseboard Management Controller.

Vulnerability Description

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gnu	Glibc	< 2.23
Redhat	Enterprise Linux	7.0
Netapp	Cloud Backup	-
Netapp	Solidfire Baseboard Management Controller	-

Related Weaknesses (CWE)

CWE-787

References

https://security.gentoo.org/glsa/202101-20Third Party Advisory
https://security.netapp.com/advisory/ntap-20210122-0004/Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=26649Issue TrackingPatchThird Party Advisory
https://sourceware.org/pipermail/libc-alpha/2020-September/117779.htmlPatchThird Party Advisory
https://security.gentoo.org/glsa/202101-20Third Party Advisory
https://security.netapp.com/advisory/ntap-20210122-0004/Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=26649Issue TrackingPatchThird Party Advisory
https://sourceware.org/pipermail/libc-alpha/2020-September/117779.htmlPatchThird Party Advisory

FAQ

What is CVE-2020-29573?

CVE-2020-29573 is a vulnerability with a CVSS score of 7.5 (HIGH). sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long d...

How severe is CVE-2020-29573?

CVE-2020-29573 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-29573?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc, Redhat Enterprise Linux, Netapp Cloud Backup, Netapp Solidfire Baseboard Management Controller.