CVE-2019-1010022
CVE Details
Last Update
11/7/2024
NIST CVE Summary
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Our Official Summary
The issue relates to a mitigation bypass in the NPTL component of the GNU Libc library, allowing attackers to circumvent stack guard protection via a stack buffer overflow. Many upstream maintainers consider this a post-attack mitigation rather than a direct vulnerability. In our products, the likelihood of exploiting this vulnerability on the 3rd party images is very low, since this issue does not directly lead to code execution. Instead, it weakens an additional layer of protection after an attack has already occurred, which classifies it as a post-attack hardening issue. We are waiting on an upstream fix from the 3rd party vendors and will upgrade the images once the upstream fix becomes available.
CVE Severity
Status
Ongoing
Affected Products & Versions
- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3, 4.5.8
- Palette Enterprise airgap 4.4.18, 4.5.3, 4.5.8
- Palette VerteX 4.5.3, 4.5.8
- Palette Enterprise 4.5.3, 4.5.8
Revision History
- 1.0 08/16/2024 Initial Publication
- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
- 6.0 11/7/2024 Added Palette VerteX airgap, Palette Enterprise airgap, Palette Enterprise, and Palette VerteX 4.5.8 to Affected Products