CVE-2019-9169
published 2019-02-26

Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

Affected

18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| debian | glibc | < glibc 2.28-9 (bookworm) | glibc 2.28-9 (bookworm) |
| gnu | glibc | <= 2.29 | |
| gnu | glibc | >= 0 < 2.28-9 | 2.28-9 |
| gnu | glibc | >= 0 < 2.28-9 | 2.28-9 |
| gnu | glibc | >= 0 < 2.28-9 | 2.28-9 |
| gnu | glibc | >= 0 < 2.28-9 | 2.28-9 |
| gnu | glibc | >= 0 < 2.23-0ubuntu11.2 | 2.23-0ubuntu11.2 |
| gnu | glibc | >= 0 < 2.27-3ubuntu1.2 | 2.27-3ubuntu1.2 |
| mcafee | web_gateway | >= 7.7.2.0 < 7.7.2.21 | 7.7.2.21 |
| mcafee | web_gateway | >= 7.8.2.0 < 7.8.2.8 | 7.8.2.8 |
| mcafee | web_gateway | >= 8.0.0 < 8.1.1 | 8.1.1 |
| msrc | cbl_mariner_1.0_arm | | |
| msrc | cbl_mariner_1.0_x64 | | |
| msrc | cm1_glibc_2.28-12_on_cbl_mariner_1.0 | | |
| paloalto | pan-os | | |

CVSS provenance

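| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | | 9.8 | CRITICAL | |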