glibc (the GNU C Library) is a widely used C library that provides the standard C functions on Linux and other operating systems. This vulnerability allows an attacker to cause a segmentation fault by manipulating uninitialized pointers; depending on what the dereferenced pointer ends up referencing, this can lead to arbitrary code execution.
You are affected if you run glibc version 2.27-3 or earlier. Check with: grep "uninitialized pointer dereference" /usr/lib/libc.so.6
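The grep above searches the library binary for a text string, which a stripped libc.so.6 will not contain, so comparing the installed version against the 2.31 fix threshold named below is the more dependable check. The script that follows is an added example and not part of this advisory; it assumes `getconf GNU_LIBC_VERSION` is available (it is on glibc systems) and handles distro-suffixed versions such as "2.27-3".

```shell
#!/bin/sh
# Added example: decide whether an installed glibc is at or above the fixed
# release named in the advisory (2.31). Version strings may carry a distro
# suffix such as "2.27-3"; only the dotted numeric part is compared.

FIXED_VERSION=2.31   # from the advisory: "upgrade to 2.31 or later"

# version_ge A B: exit 0 when dotted version A >= B, 1 otherwise.
version_ge() {
    va=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    vb=$(printf '%s' "$2" | sed 's/[^0-9.].*//')
    idx=1
    while :; do
        # A trailing dot guarantees cut sees a delimiter, so a missing
        # component comes back empty instead of the whole string.
        ca=$(printf '%s.' "$va" | cut -d. -f"$idx")
        cb=$(printf '%s.' "$vb" | cut -d. -f"$idx")
        [ -z "$ca" ] && [ -z "$cb" ] && return 0   # all components equal
        ca=${ca:-0}; cb=${cb:-0}                    # 2.31 == 2.31.0
        [ "$ca" -gt "$cb" ] && return 0
        [ "$ca" -lt "$cb" ] && return 1
        idx=$((idx + 1))
    done
}

# glibc_status VERSION: prints "patched" or "vulnerable" for that version.
glibc_status() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo patched
    else
        echo vulnerable
    fi
}

# installed_glibc_version: prints the running system's glibc version, or
# nothing when getconf is absent or the libc is not glibc.
installed_glibc_version() {
    getconf GNU_LIBC_VERSION 2>/dev/null | sed -n 's/^glibc //p'
}

ver=$(installed_glibc_version)
if [ -n "$ver" ]; then
    echo "installed glibc $ver: $(glibc_status "$ver")"
else
    echo "could not determine glibc version (not glibc, or getconf missing)"
fi
```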
Note: This CVE is similar to CVE-2019-3515, but the fix is different.
Upgrade to glibc version 2.31 or later.
For Debian/Ubuntu: sudo apt-get update && sudo apt-get install libc6-dev
For Red Hat/CentOS/Fedora: sudo yum update && sudo yum install libc-devel
Immediate mitigations:
- Disable the vulnerable function by setting the USE_MALLOCA environment variable to "0"
- Use a different C library, such as musl or uClibc