CVE-2019-9169
Advisory lineage Upstream: 0 Downstream: 10
Modified
Published: 26 Feb 2019, 02:00
Last modified: 04 Aug 2024, 21:38
Vulnerability Summary
- Overall Risk (default): high, 70/100
- CVSS Score: 9.8 CRITICAL, v3.1 (nvd)
- EPSS Score: 4.95% LOW, 5% probability, -8.79%
- KEV: Not listed
- Ransomware: No reports
- Public exploits: 2 found
- Dark Web: Not detected
Timeline
- 26 Feb 2019, 02:00: Published (vulnerability first disclosed)
- 04 Aug 2024, 21:38: Last Modified (vulnerability information updated)
Description
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
CVSS Metrics
- v3.1•CRITICAL•Score: 9.8•CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- v2.0•HIGH•Score: 7.5•AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 4.95% • Percentile: 90%
Techniques & Countermeasures
- CWE-125•Out-of-bounds Read: The product reads data past the end, or before the beginning, of the intended buffer.
Affected Systems
- canonical•ubuntu_linux: 16.04 | 18.04 | 19.10
- gnu•glibc: ≤ 2.29
- mcafee•web_gateway: ≥ 7.7.2.0, < 7.7.2.21 | ≥ 7.8.2.0, < 7.8.2.8 | ≥ 8.0.0, < 8.1.1
- netapp•ontap_select_deploy_administration_utility: na
- netapp•steelstore_cloud_integrated_storage: na
References (11)
- http://www.securityfocus.com/bid/107160
- https://security.gentoo.org/glsa/202006-04
- https://usn.ubuntu.com/4416-1/
- https://kc.mcafee.com/corporate/index?page=content&id=SB10278
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=583dd860d5b833037175247230a328f0050dbfe9
- https://security.netapp.com/advisory/ntap-20190315-0002/
- https://sourceware.org/bugzilla/show_bug.cgi?id=24114
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140
- https://support.f5.com/csp/article/K54823184