oss-sec mailing list archives

multiple NULL pointer dereference vulnerabilities in newlib


From: Dimitrios Glynos <dimitris () census-labs com>
Date: Fri, 31 Jan 2020 23:17:29 +0200

Hello all,

newlib versions prior to 3.3.0 (and derivatives like newlib-nano,
picolibc and related ARM toolchains) contain a number of
NULL pointer dereference vulnerabilities.

The following CVEs were assigned by RedHat for these issues:

CVE-2019-14871, CVE-2019-14872, CVE-2019-14873, CVE-2019-14874,
CVE-2019-14875, CVE-2019-14876, CVE-2019-14877, CVE-2019-14878

More details about the issues are available here:

https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/

It is advised to update newlib installations to version 3.3.0
and make sure to build with the newlib-reent-check-verify
'configure' option enabled, to correctly address these
issues.

Kind Regards,

Dimitris
