UBUNTU-CVE-2019-14871
- Source
- https://ubuntu.com/security/CVE-2019-14871
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-14871.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-14871
- Upstream
- Published
- 2020-03-18T16:15:00Z
- Modified
- 2025-09-08T16:45:30Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
The REENTCHECK macro (see newlib/libc/include/sys/reent.h) as used by REENTCHECKTM, REENTCHECKMISC, REENTCHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).
- References
Affected packages
Ubuntu:Pro:16.04:LTS / newlib
Package
- Name
- newlib
- Purl
- pkg:deb/ubuntu/newlib@2.2.0+git20150830.5a3d536-1?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libnewlib-arm-none-eabi",
"binary_version": "2.2.0+git20150830.5a3d536-1"
},
{
"binary_name": "libnewlib-dev",
"binary_version": "2.2.0+git20150830.5a3d536-1"
},
{
"binary_name": "newlib-source",
"binary_version": "2.2.0+git20150830.5a3d536-1"
}
]
}