CVE-2022-29503
Published 2022-09-29
Priority P3 · 47 · critical · 9.8 · CVSS 3.1
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.18% (63.7th percentile)
A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| anker | eufy_homebase_2 | — | — |
| anker | eufy_homebase_2_firmware | — | — |
| debian | uclibc | — | — |
| msrc | cbl2_uclibc-ng_1.0.43-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_uclibc-ng_1.0.43-2_on_cbl_mariner_1.0 | — | — |
| uclibc-ng | uclibc-ng | — | — |
| uclibc-ng_project | uclibc-ng | — | — |
| uclibc | uclibc | — | — |
CVSS provenance
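| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | LOW | — |
| vendor_msrc | — | 9.8 | CRITICAL | — |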
GHSA
GHSA-8544-pv22-r7m4: A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0
ghsa_unreviewed·2022-09-30
CVE-2022-29503 [CRITICAL] CWE-119 GHSA-8544-pv22-r7m4: A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0
A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.
OSV
CVE-2022-29503: A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0
osv·2022-09-29·CVSS 9.8
CVE-2022-29503 [CRITICAL] CVE-2022-29503: A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0
A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.
Microsoft
A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create t
vendor_msrc·2022-09-13·CVSS 9.8
CVE-2022-29503 [CRITICAL] CWE-770 A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create t
A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional produ
Debian
CVE-2022-29503: uclibc - A memory corruption vulnerability exists in the libpthread linuxthreads function...
vendor_debian·2022·CVSS 9.8
CVE-2022-29503 [CRITICAL] CVE-2022-29503: uclibc - A memory corruption vulnerability exists in the libpthread linuxthreads function...
A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Vulnerabilities in popular library affect Unix-based devices
blogs_talos·2022-09-22·CVSS 9.8
CVE-2022-29503 [CRITICAL] Vulnerability Spotlight: Vulnerabilities in popular library affect Unix-based devices
Lilith >_> of Cisco Talos discovered these vulnerabilities.
Cisco Talos recently discovered a memory corruption vulnerability in the uClibC library that could affect any Unix-based devices that use this library. uClibC and uClibC-ng are lightweight replacements for the popular gLibc library, which is the GNU Project's implementation of the C standard library.
TALOS-2022-1517 (CVE-2022-29503 - CVE-2022-29504) is a memory corruption vulnerability in uClibC and uClibc-ng that can occur if a malicious user repeatedly creates threads.
Many embedded devices utilize this library, but Talos specifically confirmed that the Anker Eufy Homebase 2, version 2.1.8.8h, is affected by this vulnerability. Anker confirmed that they’ve patched for this issue. However, uClibC has not issued an official fix