CVE-2019-7309
Published: 03 February 2019
In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.
Priority
CVSS 3 base score: 5.5
Status
Notes
| Author | Note |
|---|---|
| mdeslaur | only affects x32; we will not be fixing this issue in Ubuntu stable releases, marking as ignored |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309
- https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html
- https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html
- NVD
- Launchpad
- Debian