VDB
CVE-2019-14697
CVE-2019-14697
PUBLISHED
musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.
EPSS 0.44% · 63.8th percentile
Risk Scores
EPSS Score
0.44%
63.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | musl | 0, 1.1.16-3, 1.1.18-1 |
| Ubuntu:Pro:16.04:LTS | musl | 1.1.9-1ubuntu0.1~esm2, 0, 1.1.9-1 |
| Ubuntu:Pro:14.04:LTS | musl | 0.9.14-2ubuntu1, 0.9.14-2, 0 |
Exploit Intelligence
- http://www.openwall.com/lists/oss-security/2019/08/06/4 (nist-nvd)
- https://www.openwall.com/lists/musl/2019/08/06/1 (nist-nvd)
- CIRCL seen: CVE-2019-14697 (circl-sighting)
- CIRCL seen: CVE-2019-14697 (circl-sighting)
- CIRCL seen: CVE-2019-14697 (circl-sighting)
- GLSA-202003-13 (circl)
- integ.image-scanner-with-trivy.ts (github-poc)
- integ.image-scanner-with-trivy.ts (github-poc)
- integ.image-scanner-with-trivy.ts (github-poc)
- integ.image-scanner-with-trivy.ts (github-poc)
…and 6 more exploits
Timeline
- Aug 6, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-14697 third-party-advisory
- https://git.musl-libc.org/cgit/musl/patch/?id=f3ed8bfe8a82af1870ddc8696ed4cc1d5aa6b441 third-party-advisory
- https://git.musl-libc.org/cgit/musl/patch/?id=6818c31c9bc4bbad5357f1de14bedf781e5b349e third-party-advisory
- https://www.openwall.com/lists/oss-security/2019/08/06/1 third-party-advisory
- http://www.openwall.com/lists/oss-security/2019/08/06/4 third-party-advisory
- https://www.openwall.com/lists/musl/2019/08/06/1 third-party-advisory
- https://ubuntu.com/security/notices/USN-5990-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-14697 third-party-advisory