heap-based buffer over-read in glibc CVE-2019-9169 critical remote

Tracked by Jolla

asked 2019-07-24 15:05:09 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2019-07-24 17:41:26 +0300

lpr gravatar image

(MER#2047)

https://nvd.nist.gov/vuln/detail/CVE-2019-9169

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. CVSS3_base_score: 9.8 critical

This CVE and CVE-2019-6488 CVE-2016-10739 CVE-2019-7309 and CVE-2018-19591 should be fixed through update glibc-2.28 vanilla to debian-glibc-2.28-10 .

edit retag flag offensive close delete

Comments

Thanks for reporting.

Sage ( 2019-07-24 15:30:16 +0300 )edit