CVE-2019-1010025
ADVISORY - debianSummary
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.
- glibc (unimportant) Not treated as a security issue by upstream https://sourceware.org/bugzilla/show_bug.cgi?id=22853
EPSS Score: 0.00235 (0.464)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Use of Insufficiently Random Values
ADVISORY - redhat
Exposure of Sensitive Information to an Unauthorized Actor
Debian
CREATED
UPDATED
ADVISORY IDCVE-2019-1010025
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/Alow| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/glibc | deb | debian | 12 | >=2.36-9+deb12u10 | Not yet available |
| debian/glibc | deb | debian | 13 | >=2.41-9 | Not yet available |
| debian/glibc | deb | debian | 11 | >=2.31-13+deb11u11 | Not yet available |
| debian/glibc | deb | debian | unstable | >=2.41-9 | Not yet available |
Severity and metrics
No CVSS data available from this advisory.
NIST
CREATED
UPDATED
ADVISORY IDCVE-2019-1010025
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.3mediumUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2019-1010025
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
5.3lowRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2019-1010025
EXPLOITABILITY SCORE
1.4
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
2.9lowChainguard
CREATED
UPDATED
ADVISORY ID
CGA-95xj-hfwv-q3mc
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
intheWild
CREATED
UPDATED
ADVISORY IDCVE-2019-1010025
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-