CVE-2019-7309 — Return of Wrong Status Code in Glibc

CWE-393 — Return of Wrong Status Code9 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 55.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc

Timeline

PublishedFeb 3

Latest updateMay 13

Description

In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debiangnu/glibc< 2.28-6+3

▶NVDgnu/glibc2.29

🔴Vulnerability Details

GHSA

GHSA-2g8x-3m62-h85f: In the GNU C Library (aka glibc or libc6) through 2↗2022-05-13

▶

CVEList

CVE-2019-7309: In the GNU C Library (aka glibc or libc6) through 2↗2019-02-03

▶

OSV

CVE-2019-7309: In the GNU C Library (aka glibc or libc6) through 2↗2019-02-03

▶

📋Vendor Advisories

Microsoft

In the GNU C Library (aka glibc or libc6) through 2.29 the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant ↗2019-02-12

▶

Red Hat

glibc: memcmp function incorrectly returns zero↗2019-02-02

▶

Debian

CVE-2019-7309: glibc - In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for ...↗2019

▶

💬Community

Bugzilla

CVE-2019-7309 glibc: memcmp function incorrectly returns zero [fedora-all]↗2019-03-05

▶

Bugzilla

CVE-2019-7309 glibc: memcmp function incorrectly returns zero↗2019-02-04

▶