CVE-2019-7309 Information

Description

In the GNU C Library (aka glibc or libc6) through 2.29 the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

http://www.securityfocus.com/bid/106835 https://security.gentoo.org/glsa/202006-04 https://sourceware.org/bugzilla/show_bug.cgi?id=24155 https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.5