Vulnerability Details : CVE-2019-1010022
Potential exploit
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
Vulnerability category: Overflow
Products affected by CVE-2019-1010022
- cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-1010022
0.59%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-1010022
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-1010022
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-1010022
-
https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
22850 – (CVE-2019-1010022) Harden TCB against stack protector bypass via overwrite of stack_guard
-
https://security-tracker.debian.org/tracker/CVE-2019-1010022
CVE-2019-1010022
-
https://sourceware.org/bugzilla/show_bug.cgi?id=22850
22850 – (CVE-2019-1010022) Harden TCB against stack protector bypass via overwrite of stack_guardExploit;Issue Tracking;Third Party Advisory
-
https://ubuntu.com/security/CVE-2019-1010022
CVE-2019-1010022 | Ubuntu
Jump to