sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.
Conclusion & alert: CVE-2020-29573 is rated Moderate Risk (62.1/100): CVSS High severity, with medium exploitation likelihood (EPSS 2.77%). Core evidence: EPSS rose +2.60% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: the daily EPSS score estimates the relative likelihood of exploitation; the percentile ranks this CVE among all scored vulnerabilities (a higher percentile means a higher relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.16% | 2.77% | +2.60% |
| 2 | 2026-03-03 | 0.10% | 0.16% | +0.06% |
| 3 | 2025-11-21 | — | 0.10% | — |
Full EPSS history (13 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.5 | 3.1 | HIGH | | 3.9 | 3.6 | [email protected] |
| 5.0 | 2.0 | MEDIUM | | 10.0 | 2.9 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
| debian | not yet assigned | CVE-2020-29573 not yet assigned priority: Debian including 1 source package (glibc), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2020-29573 |
| gentoo | normal | CVE-2020-29573: 1 GLSA (202101-20), 1 atom (sys-libs/glibc); latest impact normal. | https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2020-29573 |
| redhat | medium | — | https://access.redhat.com/security/cve/CVE-2020-29573 |
| suse | high | CVE-2020-29573 severity important: SUSE including 504 source package names (0.1.0:glibc-2.26-13.56.1, 0.1.75:glibc-2.26-13.56.1, …), 945 product×package rows across 136 product lines (Container caasp/v4/389-ds, Container caasp/v4/busybox, …): Fixed 799, Known Affected 130, Known Not Affected 16. | https://www.suse.com/security/cve/CVE-2020-29573/ |
| ubuntu | low | CVE-2020-29573 low priority: Ubuntu including 2 source packages (eglibc, glibc), 32 status rows across 16 suites (bionic, focal, groovy, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): DNE 15, not-affected 14, needs-triage 2, needed 1. | https://ubuntu.com/security/CVE-2020-29573 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| gnu | glibc | < 2.23 | cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:x86:* |
| redhat | enterprise_linux | 7.0 | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
| netapp | cloud_backup | — | cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* |
| netapp | solidfire_baseboard_management_controller | — | cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/202101-20 | Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20210122-0004/ | Third Party Advisory |
| https://sourceware.org/bugzilla/show_bug.cgi?id=26649 | Issue Tracking Patch Third Party Advisory |
| https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html | Patch Third Party Advisory |