Mitigation Bypass in GNU Libc Affects Multiple Platforms
CVE-2019-1010025
5.3 MEDIUM
What is CVE-2019-1010025?
The GNU Libc library is vulnerable to a mitigation bypass that allows an attacker to exploit predictable heap addresses of pthread-created threads. While the vendor argues that ASLR bypass itself is not a vulnerability, this weakness can be leveraged by attackers to gain further insight into the memory layout of affected systems, ultimately leading to potential exploitation. Organizations using this library should be aware of the implications and assess their systems accordingly.

Affected Version(s)
glibc current (at least as of 2018-02-16)
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
