CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

6.5CVSS6.4AI score0.01331EPSS

SUSE CVE-2019-14874

In the i2b function of the newlib libc library, all versions prior to 3.3.0 see newlib/libc/stdlib/mprec.c, Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of x0 will trigger a null pointer dereference bug in case of...

SUSE CVE•added 2023/02/15 4:9 a.m.•3 views

SUSE CVE-2019-14873

In the multadd function of the newlib libc library, prior to versions 3.3.0 see newlib/libc/stdlib/mprec.c, Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory...

6.5CVSS6.4AI score0.01299EPSS

6.5CVSS6.4AI score0.01294EPSS

SUSE CVE-2019-14875

In the multiply function of the newlib libc library, all versions prior to 3.3.0 see newlib/libc/stdlib/mprec.c, Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of x0 will trigger a null pointer dereference bug in ca...

6.5CVSS6.4AI score0.01331EPSS

SUSE CVE-2019-14877

In the mdiff function of the newlib libc library, all versions prior to 3.3.0 see newlib/libc/stdlib/mprec.c, Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to wds and sign will trigger a null pointer dereference bug...

6.5CVSS6.4AI score0.01343EPSS

SUSE CVE-2019-14878

In the d2b function of the newlib libc library, all versions prior to 3.3.0 see newlib/libc/stdlib/mprec.c, Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. Accessing x will trigger a null pointer dereference bug in case of a...

SUSE CVE•added 2023/02/15 4:9 a.m.•3 views

SUSE CVE-2019-14876

In the lshift function of the newlib libc library, all versions prior to 3.3.0 see newlib/libc/stdlib/mprec.c, Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case...

6.5CVSS6.4AI score0.01331EPSS

SUSE CVE•added 2023/02/15 3:49 a.m.•1 views

SUSE CVE-2021-3420

A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nanomemalign, nanovalloc, nanopvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow...

9.8CVSS9.3AI score0.02103EPSS

Exploits0References3

RedhatCVE•added 2022/05/20 11:50 p.m.•26 views

CVE-2021-3420

9.8CVSS5.3AI score0.02103EPSS

Exploits0References1

BDU FSTEC•added 2021/10/13 12:0 a.m.•7 views

The vulnerability of the newlib library, caused by a numerical overflow, allows an attacker to trigger a buffer overflow.

The vulnerability of the newlib library is caused by a numerical overflow. Exploiting this vulnerability could allow an attacker, operating remotely, to trigger a buffer overflow...

10CVSS8.2AI score0.02103EPSS

Exploits0References5Affected Software3

Veracode•added 2021/05/06 7:37 a.m.•21 views

Arbitrary Code Execution

newlib is vulnerable to arbitrary code execution. An integer overflow in mEMALIGn, pvALLOc, nanomemalign, nanovalloc, nanopvalloc leads to a heap-based buffer overflow and allows an attacker to execute arbitrary code on the host OS...

9.8CVSS4.6AI score0.02103EPSS

Exploits0References8Affected Software1

OpenVAS•added 2021/03/20 12:0 a.m.•19 views

Fedora: Security Advisory for arm-none-eabi-newlib (FEDORA-2021-0fa2f42d3c)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.6AI score0.02103EPSS

Fedora•added 2021/03/12 12:7 a.m.•49 views

[SECURITY] Fedora 32 Update: arm-none-eabi-newlib-4.1.0-1.fc32

Newlib is a C library intended for use on embedded systems. It is a conglomeration of several library parts, all under free software licenses that make them easily usable on embedded products...

9.8CVSS2.2AI score0.02103EPSS

Exploits0

OpenVAS•added 2021/03/12 12:0 a.m.•25 views

Fedora: Security Advisory for arm-none-eabi-newlib (FEDORA-2021-332fb9c796)

9.8CVSS9.6AI score0.02103EPSS

OpenVAS•added 2021/03/12 12:0 a.m.•15 views

Fedora: Security Advisory for arm-none-eabi-newlib (FEDORA-2021-267c08cc40)

9.8CVSS9.6AI score0.02103EPSS

Tenable Nessus•added 2021/03/12 12:0 a.m.•32 views

Fedora 33 : arm-none-eabi-newlib (2021-267c08cc40)

The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-267c08cc40 advisory. - A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nanomemalign,...

9.8CVSS8.3AI score0.02103EPSS

Tenable Nessus•added 2021/03/12 12:0 a.m.•28 views

Fedora 32 : arm-none-eabi-newlib (2021-332fb9c796)

The remote Fedora 32 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-332fb9c796 advisory. - A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nanomemalign,...

9.8CVSS8.3AI score0.02103EPSS