CVE-2019-9169 — Out-of-bounds Read in Glibc

CWE-125 — Out-of-bounds Read10 documents9 sources

Severity

9.8CRITICALNVD

EPSS

7.1%

top 8.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc Mcafee WEB Gateway Canonical Ubuntu Linux

Timeline

PublishedFeb 26

Latest updateMay 13

Description

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶Debiangnu/glibc< 2.28-9+3

▶NVDgnu/glibc2.29

▶NVDmcafee/web_gateway7.7.2.0 — 7.7.2.21+2

Also affects: Ubuntu Linux 16.04, 18.04, 19.10

Patches

Patch: security.netapp.com ↗Patch: sourceware.org ↗Patch: security.netapp.com ↗

🔴Vulnerability Details

GHSA

GHSA-mw8g-rgqf-rw5h: In the GNU C Library (aka glibc or libc6) through 2↗2022-05-13

▶

OSV

CVE-2019-9169: In the GNU C Library (aka glibc or libc6) through 2↗2019-02-26

▶

CVEList

CVE-2019-9169: In the GNU C Library (aka glibc or libc6) through 2↗2019-02-26

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2020-07-06

▶

Microsoft

In the GNU C Library (aka glibc or libc6) through 2.29 proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.↗2019-02-12

▶

Red Hat

glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read↗2019-01-20

▶

Debian

CVE-2019-9169: glibc - In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in pos...↗2019

▶

💬Community

Bugzilla

CVE-2019-9169 glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read↗2019-02-28

▶

Bugzilla

CVE-2019-9169 glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read [fedora-all]↗2019-02-28

▶