CVE-2024-30949

Опубликовано: 20 авг. 2024

Источник: debian

EPSS Низкий

Описание

An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.

Пакет	Статус	Версия исправления	Релиз	Тип
newlib	fixed	4.4.0.20231231-2		package

https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=5f15d7c5817b07a6b18cbab17342c95cb7b42be4 (newlib-4.4.0)
Only affects riscv, which is still WIP

EPSS

Процентиль: 67%

0.00553

Низкий

CVE-2024-30949

CVSS3: 9.8

ubuntu

больше 1 года назад

An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.

CVE-2024-30949

CVSS3: 9.8

redhat

больше 1 года назад

An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.

CVE-2024-30949

CVSS3: 9.8

nvd

больше 1 года назад

An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.

GHSA-qhpg-jf9r-mqxq

CVSS3: 9.8

github

больше 1 года назад

An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.

EPSS

Процентиль: 67%

0.00553

Низкий