Vulnerabilites related to GNU Libc - glibc
CVE-2020-1752 (GCVE-0-2020-1752)
Vulnerability from cvelistv5
Published
2020-04-30 00:00
Modified
2024-08-04 06:46
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:46:30.943Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752", }, { tags: [ "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=25414", }, { tags: [ "x_transferred", ], url: "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ddc650e9b3dc916eab417ce9f79e67337b05035c", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200511-0005/", }, { name: "USN-4416-1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://usn.ubuntu.com/4416-1/", }, { name: "GLSA-202101-20", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-20", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "glibc", vendor: "GNU Libc", versions: [ { status: "affected", version: "Affected: versions 2.14 and later", }, { status: "affected", version: "Fixed: version 2.32", }, ], }, ], descriptions: [ { lang: "en", value: "A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-17T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752", }, { url: "https://sourceware.org/bugzilla/show_bug.cgi?id=25414", }, { url: "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ddc650e9b3dc916eab417ce9f79e67337b05035c", }, { url: "https://security.netapp.com/advisory/ntap-20200511-0005/", }, { name: "USN-4416-1", tags: [ "vendor-advisory", ], url: "https://usn.ubuntu.com/4416-1/", }, { name: "GLSA-202101-20", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202101-20", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-1752", datePublished: "2020-04-30T00:00:00", dateReserved: "2019-11-27T00:00:00", dateUpdated: "2024-08-04T06:46:30.943Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1010024 (GCVE-0-2019-1010024)
Vulnerability from cvelistv5
Published
2019-07-15 03:06
Modified
2024-08-05 03:07
Severity ?
EPSS score ?
Summary
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=22852 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/109162 | vdb-entry, x_refsource_BID | |
| https://support.f5.com/csp/article/K06046097 | x_refsource_CONFIRM | |
| https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS | x_refsource_CONFIRM | |
| https://security-tracker.debian.org/tracker/CVE-2019-1010024 | vendor-advisory, x_refsource_DEBIAN | |
| https://ubuntu.com/security/CVE-2019-1010024 | vendor-advisory, x_refsource_UBUNTU |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:07:18.291Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", }, { name: "109162", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/109162", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K06046097", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", }, { name: "CVE-2019-1010024", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2019-1010024", }, { name: "CVE-2019-1010024", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://ubuntu.com/security/CVE-2019-1010024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "glibc", vendor: "GNU Libc", versions: [ { status: "affected", version: "current (At least as of 2018-02-16)", }, ], }, ], descriptions: [ { lang: "en", value: "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", }, ], problemTypes: [ { descriptions: [ { description: "Mitigation bypass", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-11-16T19:46:23", orgId: "7556d962-6fb7-411e-85fa-6cd62f095ba8", shortName: "dwf", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", }, { name: "109162", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/109162", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K06046097", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", }, { name: "CVE-2019-1010024", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://security-tracker.debian.org/tracker/CVE-2019-1010024", }, { name: "CVE-2019-1010024", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://ubuntu.com/security/CVE-2019-1010024", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve-assign@distributedweaknessfiling.org", ID: "CVE-2019-1010024", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "glibc", version: { version_data: [ { version_value: "current (At least as of 2018-02-16)", }, ], }, }, ], }, vendor_name: "GNU Libc", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Mitigation bypass", }, ], }, ], }, references: { reference_data: [ { name: "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", refsource: "MISC", url: "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", }, { name: "109162", refsource: "BID", url: "http://www.securityfocus.com/bid/109162", }, { name: "https://support.f5.com/csp/article/K06046097", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K06046097", }, { name: "https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS", }, { name: "CVE-2019-1010024", refsource: "DEBIAN", url: "https://security-tracker.debian.org/tracker/CVE-2019-1010024", }, { name: "CVE-2019-1010024", refsource: "UBUNTU", url: "https://ubuntu.com/security/CVE-2019-1010024", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7556d962-6fb7-411e-85fa-6cd62f095ba8", assignerShortName: "dwf", cveId: "CVE-2019-1010024", datePublished: "2019-07-15T03:06:26", dateReserved: "2019-03-20T00:00:00", dateUpdated: "2024-08-05T03:07:18.291Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1010023 (GCVE-0-2019-1010023)
Vulnerability from cvelistv5
Published
2019-07-15 03:09
Modified
2024-08-05 03:07
Severity ?
EPSS score ?
Summary
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=22851 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/109167 | vdb-entry, x_refsource_BID | |
| https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS | x_refsource_CONFIRM | |
| https://security-tracker.debian.org/tracker/CVE-2019-1010023 | vendor-advisory, x_refsource_DEBIAN | |
| https://ubuntu.com/security/CVE-2019-1010023 | vendor-advisory, x_refsource_UBUNTU |
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2019-1010023", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-11T18:42:21.452782Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-11T18:43:16.622Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-05T03:07:18.214Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", }, { name: "109167", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/109167", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", }, { name: "CVE-2019-1010023", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2019-1010023", }, { name: "CVE-2019-1010023", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://ubuntu.com/security/CVE-2019-1010023", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "glibc", vendor: "GNU Libc", versions: [ { status: "affected", version: "current (At least as of 2018-02-16)", }, ], }, ], descriptions: [ { lang: "en", value: "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", }, ], problemTypes: [ { descriptions: [ { description: "Re-mapping current loaded libray with malicious ELF file", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-11-16T19:43:22", orgId: "7556d962-6fb7-411e-85fa-6cd62f095ba8", shortName: "dwf", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", }, { name: "109167", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/109167", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", }, { name: "CVE-2019-1010023", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://security-tracker.debian.org/tracker/CVE-2019-1010023", }, { name: "CVE-2019-1010023", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://ubuntu.com/security/CVE-2019-1010023", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve-assign@distributedweaknessfiling.org", ID: "CVE-2019-1010023", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "glibc", version: { version_data: [ { version_value: "current (At least as of 2018-02-16)", }, ], }, }, ], }, vendor_name: "GNU Libc", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Re-mapping current loaded libray with malicious ELF file", }, ], }, ], }, references: { reference_data: [ { name: "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", refsource: "MISC", url: "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", }, { name: "109167", refsource: "BID", url: "http://www.securityfocus.com/bid/109167", }, { name: "https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS", }, { name: "CVE-2019-1010023", refsource: "DEBIAN", url: "https://security-tracker.debian.org/tracker/CVE-2019-1010023", }, { name: "CVE-2019-1010023", refsource: "UBUNTU", url: "https://ubuntu.com/security/CVE-2019-1010023", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7556d962-6fb7-411e-85fa-6cd62f095ba8", assignerShortName: "dwf", cveId: "CVE-2019-1010023", datePublished: "2019-07-15T03:09:37", dateReserved: "2019-03-20T00:00:00", dateUpdated: "2024-08-05T03:07:18.214Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1010025 (GCVE-0-2019-1010025)
Vulnerability from cvelistv5
Published
2019-07-15 03:11
Modified
2024-08-05 03:07
Severity ?
EPSS score ?
Summary
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=22853 | x_refsource_MISC | |
| https://support.f5.com/csp/article/K06046097 | x_refsource_CONFIRM | |
| https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS | x_refsource_CONFIRM | |
| https://security-tracker.debian.org/tracker/CVE-2019-1010025 | vendor-advisory, x_refsource_DEBIAN | |
| https://ubuntu.com/security/CVE-2019-1010025 | vendor-advisory, x_refsource_UBUNTU |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:07:18.221Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K06046097", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", }, { name: "CVE-2019-1010025", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2019-1010025", }, { name: "CVE-2019-1010025", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://ubuntu.com/security/CVE-2019-1010025", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "glibc", vendor: "GNU Libc", versions: [ { status: "affected", version: "current (At least as of 2018-02-16)", }, ], }, ], descriptions: [ { lang: "en", value: "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", }, ], problemTypes: [ { descriptions: [ { description: "Mitigation bypass", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-11-16T19:48:53", orgId: "7556d962-6fb7-411e-85fa-6cd62f095ba8", shortName: "dwf", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K06046097", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", }, { name: "CVE-2019-1010025", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://security-tracker.debian.org/tracker/CVE-2019-1010025", }, { name: "CVE-2019-1010025", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://ubuntu.com/security/CVE-2019-1010025", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve-assign@distributedweaknessfiling.org", ID: "CVE-2019-1010025", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "glibc", version: { version_data: [ { version_value: "current (At least as of 2018-02-16)", }, ], }, }, ], }, vendor_name: "GNU Libc", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Mitigation bypass", }, ], }, ], }, references: { reference_data: [ { name: "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", refsource: "MISC", url: "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", }, { name: "https://support.f5.com/csp/article/K06046097", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K06046097", }, { name: "https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS", }, { name: "CVE-2019-1010025", refsource: "DEBIAN", url: "https://security-tracker.debian.org/tracker/CVE-2019-1010025", }, { name: "CVE-2019-1010025", refsource: "UBUNTU", url: "https://ubuntu.com/security/CVE-2019-1010025", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7556d962-6fb7-411e-85fa-6cd62f095ba8", assignerShortName: "dwf", cveId: "CVE-2019-1010025", datePublished: "2019-07-15T03:11:46", dateReserved: "2019-03-20T00:00:00", dateUpdated: "2024-08-05T03:07:18.221Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }