10 matches found
CVE-2021-3420
CVE-2021-3420 affects newlib versions prior to 4.0.0. The vulnerability arises from improper overflow validation in memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, and nano_pvalloc, causing an integer overflow that can allocate a too-small buffer and trigger a heap-base...
CVE-2024-30949
CVE-2024-30949 concerns an issue in the GNU C library replacement newlib version 4.3.0 where the time unit scaling in the function _gettimeofday may allow an attacker to execute arbitrary code. The connected sources consistently describe the vulnerability and its impact as arbitrary code executio...
CVE-2019-14876
CVE-2019-14876 affects the newlib libc library, specifically the __lshift function in mprec.c. All versions prior to 3.3.0 are affected because Balloc is used to allocate a big integer without verifying allocation success; if the allocation fails, access to b1 can trigger a nul...
CVE-2019-14877
CVE-2019-14877 affects the newlib libc library: in the __mdiff function, all versions prior to 3.3.0 allocate big integers with Balloc without checking allocation success, leading to potential dereference of _wds and _sign on failure. This is a null pointer dereference vulnerability that can impa...
CVE-2019-14878
Affected software: newlib libc. Vulnerable in versions prior to 3.3.0, specifically in the __d2b function (see newlib/libc/stdlib/mprec.c). The issue stems from Balloc allocating a big integer without validating allocation success; accessing _x may trigger a null pointer dereference on memory all...
CVE-2019-14874
CVE-2019-14874 affects the newlib libc library: in the function __i2b (newlib/libc/stdlib/mprec.c), all versions prior to 3.3.0 allocate a big integer with Balloc but do not verify allocation success, causing a null pointer dereference when accessing x[0] on failure. This is a memory allocation h...
CVE-2019-14871
CVE-2019-14871 affects the newlib C library, specifically the REENT_CHECK macro usage (REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP, and related macros) in versions prior to 3.3.0. The root cause is that the REENT_CHECK macro does not check for memory allocation problems when the DEBUG flag is...
CVE-2019-14875
CVE-2019-14875 affects the newlib libc library before version 3.3.0. In the __multiply function (mprec.c), Balloc is used to allocate a big integer without checking the allocation result; accessing _x[0] can trigger a null pointer dereference on allocation failure, potentially causing a crash (im...
CVE-2019-14873
The CVE-2019-14873 issue affects the newlib libc library (older releases, prior to 3.3.0). In the __multadd function, the code path allocates a big integer via Balloc without verifying allocation success, enabling a null pointer dereference on allocation failure. This is the explicit root cause d...
CVE-2019-14872
The CVE concerns the newlib libc function _dtoa_r, vulnerable before version 3.3.0 due to multiple allocations performed without checking return values, which can cause a NULL pointer dereference. Affected software is the newlib libc (prior to 3.3.0). Impact is NULL pointer dereference with poten...