Red Hat: CVE-2020-29573: Moderate: glibc security and bug fix update (RHSA-2021:0348)
Description:
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.
Solution(s)
- redhat-upgrade-glibc
- redhat-upgrade-glibc-common
- redhat-upgrade-glibc-debuginfo
- redhat-upgrade-glibc-debuginfo-common
- redhat-upgrade-glibc-devel
- redhat-upgrade-glibc-headers
- redhat-upgrade-glibc-static
- redhat-upgrade-glibc-utils
- redhat-upgrade-nscd
Reference(s)
- CVE-2020-25677
- CVE-2020-29599
- ALAS-2021-1479
- ELSA-2021-0024
- https://attackerkb.com/topics/cve-2020-29599
- AL2/ALAS-2021-1596
- ELSA-2021-0348
- CVE-2020-29573