Man-in-the-middle Vulnerability in GNU C Library Affecting Developers
CVE-1999-0199

9.8CRITICAL

Key Information:

Vendor
Gnu
Status
Glibc
Vendor
CVE Published:
6 October 2020

Summary

The GNU C Library (glibc) prior to version 2.2 contains a vulnerability associated with documentation related to the tdelete function. This oversight means that if developers utilize this function without being aware of the documentation updates, it may lead to the potential exposure of a dangling pointer. This situation creates a security risk as attackers could exploit this weakness, impacting applications that rely on the glibc. Developers need to check their versions and any reliance on the tdelete function to mitigate risks.

References

https://www.cee.studio/tdelete.html
x_refsource_MISC
https://github.com/bminor/glibc/commit/2864e767053317538f...
x_refsource_MISC
https://ftp.gnu.org/gnu/glibc/glibc-2.2.tar.gz
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.