CVE-2019-14871

Опубликовано: 18 мар. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).

Ссылки

https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
Exploit
Third Party Advisory
https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*

Версия до 3.3.0 (исключая)

EPSS

Процентиль: 64%

0.00465

Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

CVE-2019-14871

CVSS3: 6.5

ubuntu

почти 6 лет назад

CVE-2019-14871

CVSS3: 6.5

debian

почти 6 лет назад

The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by ...

GHSA-2q4g-qm2f-cq2j

github

больше 3 лет назад

The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in verisons prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).

EPSS

Процентиль: 64%

0.00465

Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-476