CVE-2019-7309

medium

Description

In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

References

https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html

https://sourceware.org/bugzilla/show_bug.cgi?id=24155

https://security.gentoo.org/glsa/202006-04

http://www.securityfocus.com/bid/106835

Details

Source: Mitre, NVD

Published: 2019-02-03

Updated: 2020-08-24

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium