SB2019020506 - Denial of service in GNU glibc
Published: February 5, 2019
Security Bulletin ID
SB2019020506
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2019-7309)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) when the most significant bit of RDX is mishandled. A local attacker can supply specially crafted input and cause the application to crash.
Remediation
Install the update from the vendor's website.