Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 711558 (CVE-2020-10029) - <sys-libs/glibc-2.30-r6 : Stack corruption from crafted input to sinl() (CVE-2020-10029)
Summary: <sys-libs/glibc-2.30-r6 : Stack corruption from crafted input to sinl() (CVE-...
Alias: CVE-2020-10029
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa+ cve]
Depends on: glibc-2.30-stable
  Show dependency tree
Reported: 2020-03-04 21:26 UTC by Sam James
Modified: 2020-06-13 01:05 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-03-04 21:26:27 UTC
"The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c."


Fixed in 2.32.
Comment 1 NATTkA bot gentoo-dev 2020-04-12 19:21:52 UTC
Unable to check for sanity:

> dependent bug #712726 is missing keywords
Comment 2 NATTkA bot gentoo-dev 2020-04-13 14:40:31 UTC
Resetting sanity check; package list is empty or all packages are done.
Comment 3 Larry the Git Cow gentoo-dev 2020-05-04 18:37:42 UTC
The bug has been referenced in the following commit(s):

commit cce133930b2d85cd8bed66715857ccf550048bbd
Author:     Andreas K. Hüttel <>
AuthorDate: 2020-05-04 18:35:42 +0000
Commit:     Andreas K. Hüttel <>
CommitDate: 2020-05-04 18:37:12 +0000

    package.mask: Update old glibc mask, now masking <2.30-r8
    Signed-off-by: Andreas K. Hüttel <>

 profiles/package.mask | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2020-05-22 00:49:35 UTC
Arches and Maintainer(s), Thank you for your work.
Added to an existing GLSA Request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2020-06-13 01:05:12 UTC
This issue was resolved and addressed in
 GLSA 202006-04 at
by GLSA coordinator Aaron Bauman (b-man).