Lucene search

[email protected]NVD:CVE-2024-30949

HistoryAug 20, 2024 - 3:15 p.m.

CVE-2024-30949

2024-08-2015:15:20

CWE-190

CWE-787

[email protected]

web.nvd.nist.gov

newlib vulnerability

arbitrary code execution

time unit scaling

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.0%

JSON

An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.

Affected configurations

Nvd

Node

newlib_projectnewlibMatch4.3.0

VendorProductVersionCPE
newlib_projectnewlib4.3.0cpe:2.3:a:newlib_project:newlib:4.3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
newlib_project	newlib	4.3.0	cpe:2.3:a:newlib_project:newlib:4.3.0:::::::*

References

gist.github.com/visitorckw/6b26e599241ea80210ea136b28441661

inbox.sourceware.org/newlib/20231129035714.469943-1-visitorckw%40gmail.com/

sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=5f15d7c5817b07a6b18cbab17342c95cb7b42be4

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.0%

JSON

Related for NVD:CVE-2024-30949

ubuntucve1 cve1 debiancve1 cvelist1 osv1 vulnrichment1 redhatcve1