CVE-2019-7309

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", "name": "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", "tags": ["Issue Tracking", "Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/106835", "name": "106835", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "https://security.gentoo.org/glsa/202006-04", "name": "GLSA-202006-04", "tags": [], "refsource": "GENTOO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-7309", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "LOW", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}}, "publishedDate": "2019-02-03T02:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.29"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-08-24T17:37Z"}