CVE-2019-14872

Опубликовано: 19 мар. 2020

Источник: debian

EPSS Низкий

Описание

The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
newlib	fixed	3.3.0-1		package
newlib	no-dsa		buster	package
newlib	no-dsa		stretch	package
newlib	ignored		jessie	package
picolibc	fixed	1.4.3-1		package

Примечания

https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
https://keithp.com/blogs/picolibc-string-float/

EPSS

Процентиль: 61%

0.00414

Низкий

Связанные уязвимости

CVE-2019-14872

CVSS3: 6.5

ubuntu

почти 6 лет назад

The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.

CVE-2019-14872

CVSS3: 6.5

nvd

почти 6 лет назад

The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.

GHSA-p7g8-2p6x-4pvg

github

больше 3 лет назад

The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.

EPSS

Процентиль: 61%

0.00414

Низкий