Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2019-7309

In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

  • Published: Feb 3, 2019
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-7309
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

  • Severity: Low
  • Score: 2.1
  • AV:L/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Software From Fixed in
gnu / glibc - 2.29.x