gnu glibc CVE-2020-29573 vulnerability in GNU and Other Products
Published on December 6, 2020

product logo product logo product logo
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.

Vendor Advisory NVD


Products Associated with CVE-2020-29573

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-29573 are published in these products:

GNU Glibc
 
Red Hat Enterprise Linux (RHEL)
 
NetApp Cloud Backup
 
NetApp Solidfire Baseboard Management Controller
 

Exploit Probability

EPSS
0.16%
Percentile
36.73%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.