Severity
7.8 HIGH
EPSS
0.1%
top 64.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 18
Latest update: May 13
Description
The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Vulnerability Details
GHSA
GHSA-7x9c-h7v7-85mv: The string component in the GNU C Library (aka glibc or libc6) through 2 (2022-05-13)
OSV
CVEList
Vendor Advisories
Red Hat
glibc: Incorrect attempt to use a 64-bit register for size_t in assembly codes results in segmentation fault (2019-01-16)
Microsoft
The string component in the GNU C Library (aka glibc or libc6) through 2.28 when running on the x32 architecture incorrectly attempts to use a 64-bit register for size_t in assembly codes which can le (2019-01-08)
Debian
CVE-2019-6488: glibc - The string component in the GNU C Library (aka glibc or libc6) through 2.28, whe... (2019)