Lucene search

Ubuntu.comUB:CVE-2019-14871

HistoryMar 18, 2020 - 12:00 a.m.

CVE-2019-14871

2020-03-1800:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.1%

JSON

The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by
REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in
versions prior to 3.3.0, does not check for memory allocation problems when
the DEBUG flag is unset (as is the case in production firmware builds).

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchnewlib< anyUNKNOWN
ubuntu16.04noarchnewlib< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	newlib	< any	UNKNOWN
ubuntu	16.04	noarch	newlib	< any	UNKNOWN

References

census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/

launchpad.net/bugs/cve/CVE-2019-14871

nvd.nist.gov/vuln/detail/CVE-2019-14871

security-tracker.debian.org/tracker/CVE-2019-14871

www.cve.org/CVERecord?id=CVE-2019-14871

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.1%

JSON

Related for UB:CVE-2019-14871