CVE-2019-14873

Summary

In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure.

Affected Software

VendorProductVersion RangeStatus
Red Hatnewliball newlib versions prior to 3.3.0affected

Weaknesses

  • CWE-476: CWE-476

ADP Enrichment

CVE Program Container

Additional References

References