Bug ID 1162452
Summary VUL-1: CVE-2019-14871: newlib: _REENT_CHECK macro null pointer dereference bug
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.1
Hardware Other
URL https://smash.suse.de/issue/252253/
OS Other
Status NEW
Severity Minor
Priority P5 - None
Component Basesystem
Assignee rguenther@suse.com
Reporter abergmann@suse.com
QA Contact security-team@suse.de
Found By Security Response Team
Blocker ---

https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/

_REENT_CHECK macro null pointer dereference bug (CVE-2019-14871)

The REENT_CHECK macro (see newlib/libc/include/sys/reent.h), as used by
REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros, does
not check for memory allocation problems when the DEBUG flag is unset (as is
the case in production firmware builds).


References:
https://seclists.org/oss-sec/2020/q1/51
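
Added example, not part of the original report and not newlib source: a simplified C model of the pattern described above, assuming the allocation result is verified only by a debug-build assertion, shown beside a form that reports the failure in every build. All `model_*` / `MODEL_*` names are hypothetical, and the failing allocator is a constructed test hook.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model, NOT newlib source; every name here is hypothetical. */
struct model_tm    { int tm_year; };
struct model_reent { struct model_tm *localtime_buf; };

static int alloc_fails;   /* constructed test hook: simulate heap exhaustion */
static void *model_malloc(size_t n) { return alloc_fails ? NULL : malloc(n); }

#ifdef MODEL_DEBUG
#include <assert.h>
#define model_assert(x) assert(x)
#else
#define model_assert(x) ((void)0)   /* non-debug build: the check compiles away */
#endif

/* Assumed shape of the flawed pattern: lazy allocation, debug-only check. */
#define MODEL_CHECK_UNCHECKED(r, what, type, size, init) do { \
    if ((r)->what == NULL) {                                  \
        (r)->what = (type)model_malloc(size);                 \
        model_assert((r)->what);                              \
        init;                                                 \
    }                                                         \
} while (0)

/* Hardened form: allocation failure is reported to the caller in every build. */
static int model_check_tm(struct model_reent *r)
{
    if (r->localtime_buf == NULL) {
        r->localtime_buf = model_malloc(sizeof *r->localtime_buf);
        if (r->localtime_buf == NULL) { errno = ENOMEM; return -1; }
        r->localtime_buf->tm_year = 0;
    }
    return 0;
}

/* Returns 1 when the unchecked macro leaves NULL behind for the next access. */
static int unchecked_leaves_null(void)
{
    struct model_reent r = { NULL };
    alloc_fails = 1;
    MODEL_CHECK_UNCHECKED(&r, localtime_buf, struct model_tm *,
                          sizeof(struct model_tm), (void)0);
    alloc_fails = 0;
    return r.localtime_buf == NULL;
}

int main(void) { printf("NULL left behind: %d\n", unchecked_leaves_null()); return 0; }
```

In the model, the `init` argument is deliberately a no-op so the program does not crash; any initializer or later caller that writes through the pointer would dereference NULL.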

