CVE-2019-6488

EUVD-2019-16048
The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
gnuglibc
𝑥
≤ 2.28
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u10
fixed
sid
2.40-3
fixed
trixie
2.40-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
bionic
dne
cosmic
dne
disco
dne
eoan
dne
focal
dne
trusty
ignored
xenial
dne
glibc
bionic
ignored
cosmic
ignored
disco
not-affected
eoan
not-affected
focal
not-affected
trusty
dne
xenial
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106671
https://security.gentoo.org/glsa/202006-04
https://sourceware.org/bugzilla/show_bug.cgi?id=24097
http://www.securityfocus.com/bid/106671
https://security.gentoo.org/glsa/202006-04
https://sourceware.org/bugzilla/show_bug.cgi?id=24097