// For flags

CVE-2019-9169

glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

En la biblioteca GNU C (también conocida como glibc o libc6), hasta la versión 2.29, proceed_next_node en posix/regexec.c tiene una sobrelectura de búfer basada en memoria dinámica (heap) mediante un intento de coincidencia de expresiones regulares que no distinguen entre mayúsculas y minúsculas.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-02-25 CVE Reserved
  • 2019-02-26 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-08-28 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-125: Out-of-bounds Read
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
<= 2.29
Search vendor "Gnu" for product "Glibc" and version " <= 2.29"
-
Affected
Netapp
Search vendor "Netapp"
Cloud Backup
Search vendor "Netapp" for product "Cloud Backup"
*-
Affected
Netapp
Search vendor "Netapp"
Ontap Select Deploy Administration Utility
Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility"
--
Affected
Netapp
Search vendor "Netapp"
Steelstore Cloud Integrated Storage
Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage"
--
Affected
Mcafee
Search vendor "Mcafee"
Web Gateway
Search vendor "Mcafee" for product "Web Gateway"
>= 7.7.2.0 < 7.7.2.21
Search vendor "Mcafee" for product "Web Gateway" and version " >= 7.7.2.0 < 7.7.2.21"
-
Affected
Mcafee
Search vendor "Mcafee"
Web Gateway
Search vendor "Mcafee" for product "Web Gateway"
>= 7.8.2.0 < 7.8.2.8
Search vendor "Mcafee" for product "Web Gateway" and version " >= 7.8.2.0 < 7.8.2.8"
-
Affected
Mcafee
Search vendor "Mcafee"
Web Gateway
Search vendor "Mcafee" for product "Web Gateway"
>= 8.0.0 < 8.1.1
Search vendor "Mcafee" for product "Web Gateway" and version " >= 8.0.0 < 8.1.1"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
16.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"
esm
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
18.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
19.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10"
-
Affected