This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.
DescriptionIn the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.
NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:NIST: NVD
NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings:NIST: NVD
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0 Severity and Vector Strings:NIST: NVD
Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P)
References to Advisories, Solutions, and ToolsBy selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].
Weakness Enumeration CWE-ID CWE Name Source NVD-CWE-noinfo Insufficient Information NIST Change History 7 change records found show changes CVE Modified by CVE 11/20/2024 11:47:58 PM Action Type Old Value New Value Added Referencehttp://www.securityfocus.com/bid/106835Added Reference
https://security.gentoo.org/glsa/202006-04Added Reference
https://sourceware.org/bugzilla/show_bug.cgi?id=24155Added Reference
https://sourceware.org/ml/libc-alpha/2019-02/msg00041.htmlCVE Modified by MITRE 5/14/2024 2:06:32 AM Action Type Old Value New Value CWE Remap by NIST 8/24/2020 1:37:01 PM Action Type Old Value New Value Changed CWE
CWE-119
NVD-CWE-noinfoCVE Modified by MITRE 6/12/2020 11:15:11 PM Action Type Old Value New Value Added Reference
https://security.gentoo.org/glsa/202006-04 [No Types Assigned]Modified Analysis by NIST 2/27/2019 1:07:04 PM Action Type Old Value New Value Changed CPE Configuration
OR
*cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* versions up to (including) 2.29
OR
*cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:x86:* versions up to (including) 2.29 Changed Reference Type
http://www.securityfocus.com/bid/106835 No Types Assigned
http://www.securityfocus.com/bid/106835 Third Party Advisory, VDB EntryCVE Modified by MITRE 2/06/2019 6:29:03 AM Action Type Old Value New Value Added Reference
http://www.securityfocus.com/bid/106835 [No Types Assigned]Initial Analysis by NIST 2/05/2019 12:37:39 PM Action Type Old Value New Value Added CVSS V3
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HAdded CVSS V2
(AV:L/AC:L/Au:N/C:N/I:N/A:P)Added CWE
CWE-119Added CPE Configuration
OR
*cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* versions up to (including) 2.29 Changed Reference Type
https://sourceware.org/bugzilla/show_bug.cgi?id=24155 No Types Assigned
https://sourceware.org/bugzilla/show_bug.cgi?id=24155 Exploit, Issue Tracking, Third Party AdvisoryChanged Reference Type
https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html No Types Assigned
https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html Mailing List, Third Party Advisory
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4