List:       oss-security
Subject:    [oss-security] multiple NULL pointer dereference vulnerabilities in newlib
From:       Dimitrios Glynos <dimitris () census-labs ! com>
Date:       2020-01-31 21:17:29
Message-ID: d6e0d9ec-8bc5-9034-b387-7e66f71fa0de () census-labs ! com

Hello all,

newlib versions prior to 3.3.0 (and derivatives like newlib-nano,
picolibc, related ARM toolchains) are vulnerable to a number
of NULL pointer dereference vulnerabilities.

The following CVEs were assigned by RedHat for these issues:

CVE-2019-14871, CVE-2019-14872, CVE-2019-14873, CVE-2019-14874,
CVE-2019-14875, CVE-2019-14876, CVE-2019-14877, CVE-2019-14878

More details about the issues are available here:

https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/

It is advised to update newlib installations to version 3.3.0
and make sure to build with the newlib-reent-check-verify
'configure' option enabled, to correctly address these
issues.

Kind Regards,

Dimitris
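
An added example, not part of the original message: a shell check that applies the advice above to a toolchain's installed newlib headers. It assumes the version macros `__NEWLIB__` and `__NEWLIB_MINOR__` live in `_newlib_version.h` and that the reent-check configure option appears in `newlib.h` as `_REENT_CHECK_VERIFY`; `make_sample` only writes constructed stand-in headers for trying it out.

```shell
#!/bin/sh
# Usage: newlib_status <include-dir>  (dir holding _newlib_version.h and newlib.h)
# Prints one of: patched | outdated | no-reent-check | unknown

# Print the integer value of "#define NAME <int>" found in a header.
macro_value() {
    # $1 = header file, $2 = macro name
    sed -n "s/^[[:space:]]*#[[:space:]]*define[[:space:]][[:space:]]*$2[[:space:]][[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" | head -n 1
}

newlib_status() {
    inc=$1
    ver_h="$inc/_newlib_version.h"   # assumed location of the version macros
    cfg_h="$inc/newlib.h"            # assumed location of the build configuration
    [ -r "$ver_h" ] && [ -r "$cfg_h" ] || { echo unknown; return 0; }

    major=$(macro_value "$ver_h" __NEWLIB__)
    minor=$(macro_value "$ver_h" __NEWLIB_MINOR__)
    [ -n "$major" ] && [ -n "$minor" ] || { echo unknown; return 0; }

    # Advisory: versions prior to 3.3.0 are affected.
    if [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 3 ]; }; then
        echo outdated; return 0
    fi

    # Advisory: 3.3.0 must also be built with newlib-reent-check-verify.
    # A disabled option is left as "#undef" or commented out, so only a
    # real "#define" counts.
    if grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+_REENT_CHECK_VERIFY' "$cfg_h"; then
        echo patched
    else
        echo no-reent-check
    fi
}

# Constructed sample headers for a quick self-check (not real newlib files).
make_sample() {
    # $1 = dir, $2 = major, $3 = minor, $4 = "yes" to define _REENT_CHECK_VERIFY
    mkdir -p "$1"
    printf '#define __NEWLIB__ %s\n#define __NEWLIB_MINOR__ %s\n' "$2" "$3" > "$1/_newlib_version.h"
    if [ "$4" = yes ]; then echo '#define _REENT_CHECK_VERIFY 1'
    else echo '/* #undef _REENT_CHECK_VERIFY */'; fi > "$1/newlib.h"
}

# Run against a real include directory when one is given on the command line.
if [ $# -gt 0 ]; then newlib_status "$1"; fi
```

A result of `no-reent-check` means the library is new enough but was built without the option the advisory asks for, so the toolchain still needs rebuilding.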