CVE-2020-29573: Buffer Overflow
First published: Sat Dec 05 2020(Updated: )
GNU C Library is vulnerable to a stack-based buffer overflow, caused by not handling non-normal x86 long double numbers gracefully for printf family functions. By sending a specially crafted value to the functions, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU glibc | <2.23 | |
| Redhat Enterprise Linux | =7.0 | |
| Netapp Cloud Backup | ||
| Netapp Solidfire Baseboard Management Controller | ||
| IBM Cloud Pak for Security (CP4S) | <=1.6.0.1 | |
| IBM Cloud Pak for Security (CP4S) | <=1.6.0.0 | |
| IBM Cloud Pak for Security (CP4S) | <=1.5.0.1 | |
| IBM Cloud Pak for Security (CP4S) | <=1.5.0.0 | |
| IBM Cloud Pak for Security (CP4S) | <=1.4.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security.gentoo.org/glsa/202101-20
- https://security.netapp.com/advisory/ntap-20210122-0004/
- https://sourceware.org/bugzilla/show_bug.cgi?id=26649
- https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/192722
- https://www.ibm.com/support/pages/node/6453115 (Advisory)
Frequently Asked Questions
What is CVE-2020-29573?
CVE-2020-29573 is a vulnerability in the GNU C Library (glibc) that allows for a stack-based buffer overflow.
How does CVE-2020-29573 occur?
CVE-2020-29573 occurs due to the GNU C Library's failure to handle non-normal x86 long double inputs properly, leading to the buffer overflow vulnerability.
What is the severity level of CVE-2020-29573?
CVE-2020-29573 has a severity level of 7.5, which is considered high.
Which software versions are affected by CVE-2020-29573?
CVE-2020-29573 affects GNU C Library (glibc) versions up to and excluding 2.23, Red Hat Enterprise Linux 7.0, NetApp Cloud Backup, and NetApp SolidFire Baseboard Management Controller. It also affects IBM Cloud Pak for Security (CP4S) versions up to and including 1.7.2.0, 1.7.1.0, and 1.7.0.0.
How can I fix CVE-2020-29573?
To fix CVE-2020-29573, you should update affected software to a version that includes the necessary security patches. Refer to the vendor's advisories and security resources for specific guidance.
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- collector/ibm-support
- source/IBM
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/gnu
- canonical/gnu glibc
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp solidfire baseboard management controller
- vendor/ibm
- canonical/ibm cloud pak for security (cp4s)
- version/ibm cloud pak for security (cp4s)/1.6.0.1
- version/ibm cloud pak for security (cp4s)/1.6.0.0
- version/ibm cloud pak for security (cp4s)/1.5.0.1
- version/ibm cloud pak for security (cp4s)/1.5.0.0
- version/ibm cloud pak for security (cp4s)/1.4.0.0