CVE-2022-29503Improper Restriction of Operations within the Bounds of a Memory Buffer in Uclibc-ng

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-770Allocation of Resources Without Limits or Throttling7 documents6 sources
Severity
9.8CRITICALNVD
EPSS
0.6%
top 30.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Anker Eufy Homebase 2Uclibc-ngAnker Eufy Homebase 2 Firmware+9 more
Timeline
PublishedSep 29
Latest updateSep 30

Description

A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages12 packages

NVDuclibc/uclibc0.9.33.2
debiandebian/uclibc
CVEListV5uclibc-ng/uclibc-ng1.0.40

🔴Vulnerability Details

2
GHSA
GHSA-8544-pv22-r7m4: A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 02022-09-30
OSV
CVE-2022-29503: A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 02022-09-29

📋Vendor Advisories

2
Microsoft
A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create t2022-09-13
Debian
CVE-2022-29503: uclibc - A memory corruption vulnerability exists in the libpthread linuxthreads function...2022

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Vulnerabilities in popular library affect Unix-based devices2022-09-22
Talos
Vulnerability Spotlight: Vulnerabilities in popular library affect Unix-based devices2022-09-22