CVE-2020-29573: glibc buffer overflow

Bug #1947610 reported by Joe Slater
Affects: StarlingX
Status: Fix Released
Importance: Low
Assigned to: Joe Slater
Milestone: (none listed)

Bug Description

glibc: Stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern.

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.
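An added defensive check, not code from the bug report, glibc or StarlingX: it classifies a raw 80-bit x87 bit pattern before a long double reaches the printf family, so the non-canonical value quoted above (non-zero exponent with the explicit integer bit clear) is rejected instead of formatted. The function names are my own, and the live long double inspection assumes an x86 host where long double is the x87 extended format.

```c
#include <float.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Classes of a raw 10-byte (little-endian) x87 80-bit extended-precision pattern. */
enum ldbl80_class {
    LDBL80_CANONICAL = 0,    /* zero/denormal, normal, inf or NaN with the integer bit as expected */
    LDBL80_UNNORMAL,         /* 0 < exponent < max but integer bit (bit 63 of significand) clear */
    LDBL80_PSEUDO_DENORMAL,  /* exponent == 0 with the integer bit set */
    LDBL80_PSEUDO_NAN_INF    /* exponent == max with the integer bit clear */
};

/* bytes[0..7] hold the 64-bit significand, bytes[8..9] the sign and 15-bit biased exponent. */
enum ldbl80_class classify_ldbl80(const unsigned char bytes[10]) {
    uint64_t mant = 0;
    for (int i = 0; i < 8; i++)              /* assemble little-endian, host-endian independent */
        mant |= (uint64_t)bytes[i] << (8 * i);
    unsigned exp = ((unsigned)bytes[8] | ((unsigned)bytes[9] << 8)) & 0x7fff;
    bool ibit = (mant >> 63) & 1;
    if (exp == 0)      return ibit ? LDBL80_PSEUDO_DENORMAL : LDBL80_CANONICAL;
    if (exp == 0x7fff) return ibit ? LDBL80_CANONICAL : LDBL80_PSEUDO_NAN_INF;
    return ibit ? LDBL80_CANONICAL : LDBL80_UNNORMAL;
}

/* Classify a live long double; returns -1 where long double is not the x87 80-bit format. */
int classify_long_double(long double v) {
#if LDBL_MANT_DIG == 64 && (defined(__i386__) || defined(__x86_64__))
    unsigned char raw[sizeof(long double)];  /* 12 or 16 bytes; only the first 10 carry the value */
    memcpy(raw, &v, sizeof raw);
    return (int)classify_ldbl80(raw);
#else
    (void)v;
    return -1;
#endif
}

/* Refuse to hand a non-canonical pattern to the printf family; returns -1 instead of formatting. */
int format_checked(char *dst, size_t n, long double v) {
    int cls = classify_long_double(v);
    if (cls > 0) return -1;  /* unnormal or pseudo pattern: reject rather than risk the overflow */
    return snprintf(dst, n, "%Lg", v);
}
```

The byte string from the description decodes as significand 0x0000000000000400 with exponent 0x0400, an "unnormal" that this check flags before any formatting happens.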

Severity: Minor

Ghada Khalil (gkhalil)
information type: Public → Public Security
Changed in starlingx:
assignee: nobody → Joe Slater (jslater0wind)
importance: Undecided → Critical
importance: Critical → Low
status: New → Triaged
tags: added: stx.security
OpenStack Infra (hudson-openstack) wrote: Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/814599

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote: Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/814599
Committed: https://opendev.org/starlingx/tools/commit/88c1a31caf0f0d2d98bb72d7f3568accaa8a0356
Submitter: "Zuul (22348)"
Branch: master

commit 88c1a31caf0f0d2d98bb72d7f3568accaa8a0356
Author: Joe Slater <email address hidden>
Date: Thu Oct 14 17:38:03 2021 -0400

    glibc: fix CVE-2020-29573 printf() buffer overflow

    Also fix CVE-2020-10029, stack corruption in cosl(), sinl(),
    sincosl(), and tanl().

    Also fix CVE-2019-25013, buffer over-read in iconv().

    Advance to glibc-2.17-323 from glibc-2.17-317. The base version
    is unchanged. .so versions are unchanged.

    Testing
    PASS: build-pkgs --clean; build-pkgs; build-iso
    PASS: install, provision and unlock AIO-SX

    Closes-Bug: 1947610
    Signed-off-by: Joe Slater <email address hidden>
    Change-Id: Ic0d94411db76879740bc142f9aa512c209ad59be

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
tags: added: stx.6.0