Описание
The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.
Ссылки
- https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ExploitThird Party Advisory
- https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.3.0 (исключая)
cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.00414
Низкий
6.5 Medium
CVSS3
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-476
CWE-476
Связанные уязвимости
CVSS3: 6.5
ubuntu
почти 6 лет назад
The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.
CVSS3: 6.5
debian
почти 6 лет назад
The _dtoa_r function of the newlib libc library, prior to version 3.3. ...
github
больше 3 лет назад
The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.
EPSS
Процентиль: 61%
0.00414
Низкий
6.5 Medium
CVSS3
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-476
CWE-476