CVE-2019-9169

CVE	CVE-2019-9169
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-02-26 02:29:00 UTC
Updated	2023-11-07 03:13:00 UTC
Description	In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

Problem Types: CWE-125

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	19.10	All	All	All
Application	Gnu	Glibc	All	All	All	All
Application	Mcafee	Web Gateway	All	All	All	All
Application	Netapp	Cloud Backup	All	All	All	All
Application	Netapp	Cloud Backup	All	All	All	All
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All
Application	Netapp	Steelstore Cloud Integrated Storage	-	All	All	All
Application	Netapp	Steelstore Cloud Integrated Storage	-	All	All	All

Reference	Source	Link	Tags
McAfee Security Bulletin - Web Gateway update fixes four third-party vulnerabilities (CVE-2018-18311, CVE-2018-5742, CVE-2019-9169, and CVE-2019-6454)	CONFIRM	kc.mcafee.com
24114 – (CVE-2019-9169) regexec buffer read overrun in "grep -i '\(\(\).\)\(\)\(\)\1'"	MISC	sourceware.org	Issue Tracking, Patch, Third Party Advisory
March 2019 GNU C Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com	Patch, Third Party Advisory
sourceware.org Git - glibc.git/commit	MISC	sourceware.org	Mailing List, Patch, Third Party Advisory
Oracle Critical Patch Update Advisory - April 2022	MISC	www.oracle.com
support.f5.com/csp/article/K54823184	CONFIRM	support.f5.com
sourceware.org Git - glibc.git/commit		sourceware.org
#34142 - AddressSanitizer reported heap-buffer-overflow - GNU bug report logs	MISC	debbugs.gnu.org	Exploit, Mailing List, Vendor Advisory
glibc: Multiple vulnerabilities (GLSA 202006-04) — Gentoo security	GENTOO	security.gentoo.org
USN-4416-1: GNU C Library vulnerabilities \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com
GNU glibc Stack Buffer Overflow and Heap Buffer Overflow Vulnerabilities	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
#34140 - AddressSanitizer reported heap-buffer-overflow when ignoring case - GNU bug report logs	MISC	debbugs.gnu.org	Exploit, Mailing List, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

159188 Oracle Enterprise Linux Security Update for glibc (ELSA-2021-1585)
159249 Oracle Enterprise Linux Security Update for glibc (ELSA-2021-9280)
159295 Oracle Enterprise Linux Security Update for glibc (ELSA-2021-9344)
239336 Red Hat Update for glibc (RHSA-2021:1585)
352399 Amazon Linux Security Advisory for glibc: ALAS2-2021-1656
591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
900018 CBL-Mariner Linux Security Update for glibc 2.28
902821 Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (1944)
940275 AlmaLinux Security Update for glibc (ALSA-2021:1585)
960868 Rocky Linux Security Update for glibc (RLSA-2021:1585)