CVE-1999-0199: manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999.

Affected

6 ranges

Vendor	Product	Version range	Fixed in
debian	glibc	< glibc 2.2-1 (bookworm)	glibc 2.2-1 (bookworm)
gnu	glibc	< 2.2	2.2
gnu	glibc	>= 0 < 2.2-1	2.2-1
gnu	glibc	>= 0 < 2.2-1	2.2-1
gnu	glibc	>= 0 < 2.2-1	2.2-1
gnu	glibc	>= 0 < 2.2-1	2.2-1

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL