Note:
This project will be discontinued after December 13, 2021. [more]
2019-02-03
In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.
| Products | Glibc |
| Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://security.gentoo.org/glsa/202006-04
• https://sourceware.org/bugzilla/show_bug.cgi?id=24155 • http://www.securityfocus.com/bid/106835 • https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html |