cnvd - cnvd-2021-01285

cnvd-2021-01285

Vulnerability from cnvd

Title: GNU C Library栈缓冲区溢出漏洞

Description:

GNU C Library (glibc)是一种按照LGPL许可协议发布的、开源、免费、方便从网络下载的C的编译程序。

GNU C Library 2.23之前版本中的sysdeps/i386/ldbl2mpn.c存在栈缓冲区溢出漏洞。攻击者可通过特制输入利用该漏洞导致栈缓冲区溢出。

Severity: 中

Patch Name: GNU C Library栈缓冲区溢出漏洞的补丁

Patch Description:

GNU C Library (glibc)是一种按照LGPL许可协议发布的、开源、免费、方便从网络下载的C的编译程序。

GNU C Library 2.23之前版本中的sysdeps/i386/ldbl2mpn.c存在栈缓冲区溢出漏洞。攻击者可通过特制输入利用该漏洞导致栈缓冲区溢出。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-29573

Impacted products

Name
Gnu GNU C Library <2.23

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-29573",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-29573"
    }
  },
  "description": "GNU C Library (glibc)\u662f\u4e00\u79cd\u6309\u7167LGPL\u8bb8\u53ef\u534f\u8bae\u53d1\u5e03\u7684\u3001\u5f00\u6e90\u3001\u514d\u8d39\u3001\u65b9\u4fbf\u4ece\u7f51\u7edc\u4e0b\u8f7d\u7684C\u7684\u7f16\u8bd1\u7a0b\u5e8f\u3002\n\nGNU C Library 2.23\u4e4b\u524d\u7248\u672c\u4e2d\u7684sysdeps/i386/ldbl2mpn.c\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236\u8f93\u5165\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://sourceware.org/pipermail/libc-alpha/2020-September/117779.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-01285",
  "openTime": "2021-01-07",
  "patchDescription": "GNU C Library (glibc)\u662f\u4e00\u79cd\u6309\u7167LGPL\u8bb8\u53ef\u534f\u8bae\u53d1\u5e03\u7684\u3001\u5f00\u6e90\u3001\u514d\u8d39\u3001\u65b9\u4fbf\u4ece\u7f51\u7edc\u4e0b\u8f7d\u7684C\u7684\u7f16\u8bd1\u7a0b\u5e8f\u3002\r\n\r\nGNU C Library 2.23\u4e4b\u524d\u7248\u672c\u4e2d\u7684sysdeps/i386/ldbl2mpn.c\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236\u8f93\u5165\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GNU C Library\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Gnu GNU C Library \u003c2.23"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-29573",
  "serverity": "\u4e2d",
  "submitTime": "2020-12-07",
  "title": "GNU C Library\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2020-29573 (GCVE-0-2020-29573)

Vulnerability from cvelistv5

Published

2020-12-05 23:18

Modified

2024-08-04 16:55

Severity ?

CWE

Summary

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.

References

▼	URL	Tags
	https://sourceware.org/bugzilla/show_bug.cgi?id=26649	x_refsource_MISC
	https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20210122-0004/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202101-20	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:55:10.367Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26649"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210122-0004/"
          },
          {
            "name": "GLSA-202101-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-20"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T02:06:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26649"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210122-0004/"
        },
        {
          "name": "GLSA-202101-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-20"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-29573",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=26649",
              "refsource": "MISC",
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26649"
            },
            {
              "name": "https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html",
              "refsource": "MISC",
              "url": "https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210122-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210122-0004/"
            },
            {
              "name": "GLSA-202101-20",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-20"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-29573",
    "datePublished": "2020-12-05T23:18:58",
    "dateReserved": "2020-12-05T00:00:00",
    "dateUpdated": "2024-08-04T16:55:10.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted