{ "threat_severity" : "Moderate", "public_date" : "2020-02-12T00:00:00Z", "bugzilla" : { "description" : "glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions", "id" : "1810670", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1810670" }, "cvss3" : { "cvss3_base_score" : "5.7", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "status" : "verified" }, "cwe" : "CWE-121", "details" : [ "The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.", "A flaw was found in glibc in versions prior to 2.32. Pseudo-zero values are not validated causing a stack corruption due to a stack-based overflow. The highest threat from this vulnerability is to system availability." ], "statement" : "The glibc version shipped with Red Hat Enterprise Linux 8 is compiled using gcc's stack-protector option which mitigates the possibility of code execution led by the stack corruption.\nThe glibc version shipped with Red Hat Enterprise Linux 7 is more difficult to exploit using this flaw, specifically for remote code execution. Because exploitation of the flaw depends on the usage of pseudo-zero values, an attacker can only overwrite the stack with 0s. Due to this, a valid address value for code execution is difficult to get and is likely to only result in a crash.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2021-02-02T00:00:00Z", "advisory" : "RHSA-2021:0348", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "glibc-0:2.17-322.el7_9" }, { "product_name" : "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)", "release_date" : "2021-08-31T00:00:00Z", "advisory" : "RHSA-2021:3315", "cpe" : "cpe:/o:redhat:rhel_aus:7.6", "package" : "glibc-0:2.17-260.el7_6.9" }, { "product_name" : "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date" : "2021-08-31T00:00:00Z", "advisory" : "RHSA-2021:3315", "cpe" : "cpe:/o:redhat:rhel_tus:7.6", "package" : "glibc-0:2.17-260.el7_6.9" }, { "product_name" : "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date" : "2021-08-31T00:00:00Z", "advisory" : "RHSA-2021:3315", "cpe" : "cpe:/o:redhat:rhel_e4s:7.6", "package" : "glibc-0:2.17-260.el7_6.9" }, { "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date" : "2021-08-03T00:00:00Z", "advisory" : "RHSA-2021:2998", "cpe" : "cpe:/o:redhat:rhel_eus:7.7", "package" : "glibc-0:2.17-292.el7_7.2" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-11-04T00:00:00Z", "advisory" : "RHSA-2020:4444", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "glibc-0:2.28-127.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-11-04T00:00:00Z", "advisory" : "RHSA-2020:4444", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "glibc-0:2.28-127.el8" }, { "product_name" : "Red Hat OpenShift Do", "release_date" : "2021-03-22T00:00:00Z", "advisory" : "RHSA-2021:0949", "cpe" : "cpe:/a:redhat:openshift_do:1.0::el7", "package" : "openshiftdo/odo-init-image-rhel7:1.1.3-2" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Out of support scope", "package_name" : "glibc", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "glibc", "cpe" : "cpe:/o:redhat:enterprise_linux:6" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-10029\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10029" ], "name" : "CVE-2020-10029", "csaw" : false }