CVE-2019-9169
glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read
Severity Score: 9.8 (CVSS v3.1)
Public Exploits: 2 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
Credits: N/A
Timeline
- 2019-02-25 CVE Reserved
- 2019-02-26 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-08-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
References (13)
URL | Tag |
---|---|
http://www.securityfocus.com/bid/107160 | Broken Link |
https://kc.mcafee.com/corporate/index?page=content&id=SB10278 | Third Party Advisory |
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=583dd860d5b833037175247230a328f0050dbfe9 | X_refsource_misc |
https://support.f5.com/csp/article/K54823184 | Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Not Applicable |

URL | Date |
---|---|
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140 | 2024-08-04 |
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142 | 2024-08-04 |

URL | Date |
---|---|
https://security.netapp.com/advisory/ntap-20190315-0002 | 2023-11-07 |
https://sourceware.org/bugzilla/show_bug.cgi?id=24114 | 2023-11-07 |

URL | Date |
---|---|
https://security.gentoo.org/glsa/202006-04 | 2023-11-07 |
https://usn.ubuntu.com/4416-1 | 2023-11-07 |
https://access.redhat.com/security/cve/CVE-2019-9169 | 2021-05-18 |
https://bugzilla.redhat.com/show_bug.cgi?id=1684057 | 2021-05-18 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Gnu | Glibc | <= 2.29 | - | Affected |
Netapp | Cloud Backup | * | - | Affected |
Netapp | Ontap Select Deploy Administration Utility | - | - | Affected |
Netapp | Steelstore Cloud Integrated Storage | - | - | Affected |
Mcafee | Web Gateway | >= 7.7.2.0 < 7.7.2.21 | - | Affected |
Mcafee | Web Gateway | >= 7.8.2.0 < 7.8.2.8 | - | Affected |
Mcafee | Web Gateway | >= 8.0.0 < 8.1.1 | - | Affected |
Canonical | Ubuntu Linux | 16.04 | esm | Affected |
Canonical | Ubuntu Linux | 18.04 | lts | Affected |
Canonical | Ubuntu Linux | 19.10 | - | Affected |