CVE-2019-14876
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case of a memory allocation failure.
En la función __lshift de la biblioteca newlib libc, todas las versiones anteriores a 3.3.0 (ver el archivo newlib/libc/stdlib/mprec.c), Balloc es utilizado para asignar un entero grande, sin embargo, ninguna comprobación es realizada para verificar si la asignación tuvo éxito o no. El acceso a b1 activará un bug de desreferencia del puntero null en caso de un fallo de asignación de la memoria.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-10 CVE Reserved
- 2020-03-19 CVE Published
- 2024-07-31 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Newlib Project Search vendor "Newlib Project" | Newlib Search vendor "Newlib Project" for product "Newlib" | < 3.3.0 Search vendor "Newlib Project" for product "Newlib" and version " < 3.3.0" | - |
Affected
|