ID CVE-2020-29573
Summary sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:x86:*
  • cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:x86:*
  • cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:x86:*
  • cpe:2.3:a:gnu:glibc:2.20:*:*:*:*:*:x86:*
  • cpe:2.3:a:gnu:glibc:2.22:*:*:*:*:*:x86:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 26-04-2023 - 19:09)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
confirm https://security.netapp.com/advisory/ntap-20210122-0004/
misc
Last major update 26-04-2023 - 19:09
Published 06-12-2020 - 00:15
Last modified 26-04-2023 - 19:09