Vulnerability Details CVE-2019-14876
In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case of a memory allocation failure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.6%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2019-14876
-
cpe:2.3:a:newlib_project:newlib:-
-
cpe:2.3:a:newlib_project:newlib:1.10.0
-
cpe:2.3:a:newlib_project:newlib:1.11.0
-
cpe:2.3:a:newlib_project:newlib:1.12.0
-
cpe:2.3:a:newlib_project:newlib:1.13.0
-
cpe:2.3:a:newlib_project:newlib:1.14.0
-
cpe:2.3:a:newlib_project:newlib:1.15.0
-
cpe:2.3:a:newlib_project:newlib:1.16.0
-
cpe:2.3:a:newlib_project:newlib:1.17.0
-
cpe:2.3:a:newlib_project:newlib:1.18.0
-
cpe:2.3:a:newlib_project:newlib:1.19.0
-
cpe:2.3:a:newlib_project:newlib:1.20.0
-
cpe:2.3:a:newlib_project:newlib:1.9.0
-
cpe:2.3:a:newlib_project:newlib:2.0.0
-
cpe:2.3:a:newlib_project:newlib:2.1.0
-
cpe:2.3:a:newlib_project:newlib:2.2.0
-
cpe:2.3:a:newlib_project:newlib:2.3.0
-
cpe:2.3:a:newlib_project:newlib:2.4.0
-
cpe:2.3:a:newlib_project:newlib:2.5.0
-
cpe:2.3:a:newlib_project:newlib:3.0.0
-
cpe:2.3:a:newlib_project:newlib:3.1.0
-
cpe:2.3:a:newlib_project:newlib:3.2.0