Vulnerability CVE-2020-29573

Vulnerability Name:

CVE-2020-29573 (CCN-192722)

Assigned:

2020-09-22

Published:

2020-09-22

Updated:

2021-01-26

Summary:

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf.
Note: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-787
CWE-121

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-29573

Source: XF
Type: UNKNOWN
gnu-cve202029573-bo(192722)

Source: GENTOO
Type: UNKNOWN
GLSA-202101-20

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20210122-0004/

Source: CCN
Type: Sourceware Bugzilla Bug 26649
printf should handle non-normal x86 long double numbers gracefully

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=26649

Source: MISC
Type: Patch, Third Party Advisory
https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html

Source: CCN
Type: GNU Web site
The GNU C Library (glibc)

Source: CCN
Type: IBM Security Bulletin 6453115 (Cloud Pak for Security)
Cloud Pak for Security contains security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6493729 (Cloud Pak for Security)
Cloud Pak for Security is vulnerable to several CVEs

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnu:glibc:*:*:*:*:*:*:x86:* (Version < 2.23)

Configuration 2:

cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:cloud_pak_for_security:1.4.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.6.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.5.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.6.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.7.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.7.1.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:93158	P	(Important)	2022-07-14
oval:org.opensuse.security:def:93311	P	(Important)	2022-07-08
oval:org.opensuse.security:def:94680	P	libp11-kit0-0.23.22-150400.1.10 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95015	P	glibc-devel-32bit-2.31-150300.20.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94946	P	libical-devel-3.0.10-150400.1.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3568	P	libEMF1-1.0.13-150400.1.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2935	P	glibc-2.31-150300.20.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3385	P	glibc-devel-32bit-2.31-150300.20.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94565	P	glibc-2.31-150300.20.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:68	P	glibc-2.31-7.30 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:101659	P	Security update for python-libxml2-python (Important)	2022-03-10
oval:org.opensuse.security:def:99203	P	(Important)	2022-01-25
oval:org.opensuse.security:def:112305	P	glibc-2.34-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:997	P	Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container (Important)	2022-01-10
oval:org.opensuse.security:def:102214	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:105828	P	glibc-2.34-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:101393	P	python3-virt-bootstrap-1.0.0-5.3.124 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:1919	P	glibc-devel-32bit-2.31-7.20 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63008	P	glibc-devel-32bit-2.31-7.20 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71827	P	glibc-2.31-7.30 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100844	P	glibc-2.31-7.30 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72727	P	glibc-devel-32bit-2.31-7.20 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101266	P	glibc-devel-32bit-2.31-7.20 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62086	P	glibc-2.31-7.30 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:99398	P	(Moderate)	2021-07-20
oval:org.opensuse.security:def:59455	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:88411	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:33890	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:23882	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:59713	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:89110	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:34404	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:26027	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:60227	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:89368	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:51870	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:88099	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:33632	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:111242	P	Security update for glibc (Important)	2021-02-27
oval:org.opensuse.security:def:9454	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:92253	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:108880	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:67042	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:99796	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:10398	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:8707	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:93005	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:70348	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:74694	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:9648	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:92448	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:69594	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:97247	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:100108	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:8897	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:70538	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:108059	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:64657	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:76110	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:9847	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:95501	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:4537	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:92647	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:69788	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:9092	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:92058	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:108325	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:65626	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:99597	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:10208	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:5953	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:92846	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:69987	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:73779	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:99008	P	Security update for glibc (Important)	2021-02-26
oval:com.redhat.rhsa:def:20210348	P	RHSA-2021:0348: glibc security and bug fix update (Moderate)	2021-02-02

BACK