Bug 1905213 (CVE-2020-29573)
| Summary: | CVE-2020-29573 glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aoliva, arjun.is, ashankar, bdettelb, codonell, dj, fweimer, glibc-bugzilla, kmullins, law, mfabian, mnewsome, pfrankli, rth, scorneli, sipoyare, tomckay |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | glibc 2.33 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A stack buffer overflow flaw was found in glibc in the way the printf family of functions processed an 80-bit long double with a non-canonical bit pattern. This flaw allows an attacker who can control the arguments of these functions with the non-standard long double pattern to trigger an overflow and cause an application crash. The highest threat from this vulnerability is to system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-02-02 14:41:59 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1906071, 1906072, 1869380, 1966262, 1966263, 1966264 | ||
| Bug Blocks: | 1905219 | ||
|
Description
Guilherme de Almeida Suckevicz
2020-12-07 18:30:50 UTC
External References: https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html (In reply to Huzaifa S. Sidhpurwala from comment #4) > External References: > > https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html FTR, that is not the fix for the issue; it is incorrect and in fact in the context of upstream, it is a nop. What fixed the problem upstream are these patches: https://sourceware.org/git/?p=glibc.git;h=d81f90ccd0109de9ed78aeeb8d86e2c6d4600690 https://sourceware.org/git/?p=glibc.git;h=8df4e219e43a4a257d0759b54fef8c488e2f282e This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0348 https://access.redhat.com/errata/RHSA-2021:0348 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-29573 Statement: This is essentially a crash which can only be triggered by a non-standard argument passed as a long double input to a member of printf family of functions. The application has to be written in this way to allow this issue to be triggered. The maximum impact is an application crash. This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2021:2813 https://access.redhat.com/errata/RHSA-2021:2813 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2021:2998 https://access.redhat.com/errata/RHSA-2021:2998 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Red Hat Enterprise Linux 7.6 Telco Extended Update Support Via RHSA-2021:3315 https://access.redhat.com/errata/RHSA-2021:3315 |