Bug 677272 (CVE-2019-7309) - sys-libs/glibc: x32 memcmp can treat positive length as 0 (if sign bit in RDX is set) (CVE-2019-7309)
Status: IN_PROGRESS
Alias: CVE-2019-7309
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: x86 Linux
Importance: Low minor
Assignee: Gentoo Security
URL: https://sourceware.org/bugzilla/show_...
Whiteboard: A4 [upstream/ebuild cve]
Reported: 2019-02-04 18:56 UTC by D'juan McDonald (domhnall)
Modified: 2019-03-27 03:28 UTC
Description D'juan McDonald (domhnall) 2019-02-04 18:56:38 UTC
(https://nvd.nist.gov/vuln/detail/CVE-2019-7309):

In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

@maintainer(s): master branch for 2.27 was updated [ Mon Feb 4 08:55:52 2019 ],
via 2ebadb6451eda1d518d70e26cf4ceeb0362e2456. 


Gentoo Security Padawan
(domhnall)