Buffer Overflow Vulnerability in GNU C Library for x86 Targets
CVE-2020-29573

7.5HIGH

Key Information:

Vendor
Gnu
Status
Glibc
Vendor
CVE Published:
6 December 2020

Summary

A buffer overflow vulnerability exists in the GNU C Library (glibc) for x86 targets prior to version 2.23. This issue arises when the input to the printf family of functions contains an 80-bit long double with a non-canonical bit pattern, particularly when specific byte sequences are passed to functions such as sprintf. As a result, an attacker could exploit this vulnerability to potentially manipulate or corrupt memory, leading to unexpected application behavior or denial of service. Importantly, this vulnerability does not impact glibc versions 2.23 and later due to significant updates made in 2015 that improved how C99 math functions are handled with GCC built-ins.

References

https://sourceware.org/bugzilla/show_bug.cgi?id=26649
x_refsource_MISC
https://sourceware.org/pipermail/libc-alpha/2020-Septembe...
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20210122-0004/
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.