This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.
DescriptionIn the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:NIST: NVD
NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings:NIST: NVD
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0 Severity and Vector Strings:NIST: NVD
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
References to Advisories, Solutions, and ToolsBy selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].
Weakness Enumeration CWE-ID CWE Name Source CWE-125 Out-of-bounds Read NIST Change History 14 change records found show changes CVE Modified by CVE 11/20/2024 11:51:07 PM Action Type Old Value New Value Added Referencehttp://www.securityfocus.com/bid/107160Added Reference
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140Added Reference
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142Added Reference
https://kc.mcafee.com/corporate/index?page=content&id=SB10278Added Reference
https://security.gentoo.org/glsa/202006-04Added Reference
https://security.netapp.com/advisory/ntap-20190315-0002/Added Reference
https://sourceware.org/bugzilla/show_bug.cgi?id=24114Added Reference
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=583dd860d5b833037175247230a328f0050dbfe9Added Reference
https://support.f5.com/csp/article/K54823184Added Reference
https://usn.ubuntu.com/4416-1/Added Reference
https://www.oracle.com/security-alerts/cpuapr2022.htmlCVE Modified by MITRE 5/14/2024 2:10:06 AM Action Type Old Value New Value CVE Modified by MITRE 11/06/2023 10:13:36 PM Action Type Old Value New Value Added Reference
MITRE https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=583dd860d5b833037175247230a328f0050dbfe9 [No types assigned]Removed Reference
MITRE https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9Modified Analysis by NIST 6/13/2022 2:59:18 PM Action Type Old Value New Value Added CVSS V3.1
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HRemoved CVSS V3
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAdded CPE Configuration
OR
*cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:* versions from (including) 7.7.2.0 up to (excluding) 7.7.2.21
*cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:* versions from (including) 7.8.2.0 up to (excluding) 7.8.2.8
*cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.1.1 Added CPE Configuration
OR
*cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
*cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
*cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* Changed Reference Type
http://www.securityfocus.com/bid/107160 Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/107160 Broken LinkChanged Reference Type
https://kc.mcafee.com/corporate/index?page=content&id=SB10278 No Types Assigned
https://kc.mcafee.com/corporate/index?page=content&id=SB10278 Third Party AdvisoryChanged Reference Type
https://security.gentoo.org/glsa/202006-04 No Types Assigned
https://security.gentoo.org/glsa/202006-04 Third Party AdvisoryChanged Reference Type
https://support.f5.com/csp/article/K54823184 No Types Assigned
https://support.f5.com/csp/article/K54823184 Third Party AdvisoryChanged Reference Type
https://usn.ubuntu.com/4416-1/ No Types Assigned
https://usn.ubuntu.com/4416-1/ Third Party AdvisoryChanged Reference Type
https://www.oracle.com/security-alerts/cpuapr2022.html No Types Assigned
https://www.oracle.com/security-alerts/cpuapr2022.html Not ApplicableCVE Modified by MITRE 4/19/2022 8:15:20 PM Action Type Old Value New Value Added Reference
https://www.oracle.com/security-alerts/cpuapr2022.html [No Types Assigned]CVE Modified by MITRE 7/09/2020 4:15:13 PM Action Type Old Value New Value Added Reference
https://usn.ubuntu.com/4416-1/ [No Types Assigned]CVE Modified by MITRE 6/12/2020 11:15:11 PM Action Type Old Value New Value Added Reference
https://security.gentoo.org/glsa/202006-04 [No Types Assigned]CVE Modified by MITRE 4/16/2019 1:29:00 AM Action Type Old Value New Value Added Reference
https://support.f5.com/csp/article/K54823184 [No Types Assigned]CVE Modified by MITRE 4/10/2019 4:29:01 AM Action Type Old Value New Value Added Reference
https://kc.mcafee.com/corporate/index?page=content&id=SB10278 [No Types Assigned]Modified Analysis by NIST 3/15/2019 2:39:57 PM Action Type Old Value New Value Added CPE Configuration
OR
*cpe:2.3:a:netapp:cloud_backup:*:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* Changed Reference Type
https://security.netapp.com/advisory/ntap-20190315-0002/ No Types Assigned
https://security.netapp.com/advisory/ntap-20190315-0002/ Patch, Third Party AdvisoryCVE Modified by MITRE 3/15/2019 6:29:19 AM Action Type Old Value New Value Added Reference
https://security.netapp.com/advisory/ntap-20190315-0002/ [No Types Assigned]Modified Analysis by NIST 2/27/2019 10:26:35 AM Action Type Old Value New Value Changed Reference Type
http://www.securityfocus.com/bid/107160 No Types Assigned
http://www.securityfocus.com/bid/107160 Third Party Advisory, VDB EntryCVE Modified by MITRE 2/27/2019 6:29:06 AM Action Type Old Value New Value Added Reference
http://www.securityfocus.com/bid/107160 [No Types Assigned]Initial Analysis by NIST 2/26/2019 2:26:03 PM Action Type Old Value New Value Added CVSS V3
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAdded CVSS V2
(AV:N/AC:L/Au:N/C:P/I:P/A:P)Added CWE
CWE-125Added CPE Configuration
OR
*cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* versions up to (including) 2.29 Changed Reference Type
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140 No Types Assigned
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140 Exploit, Mailing List, Vendor AdvisoryChanged Reference Type
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142 No Types Assigned
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142 Exploit, Mailing List, Vendor AdvisoryChanged Reference Type
https://sourceware.org/bugzilla/show_bug.cgi?id=24114 No Types Assigned
https://sourceware.org/bugzilla/show_bug.cgi?id=24114 Issue Tracking, Patch, Third Party AdvisoryChanged Reference Type
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9 No Types Assigned
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9 Mailing List, Patch, Third Party Advisory
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4