ubuntu · CVE-2002-2439

Quick triage

Priority: low Published: 2019-10-23 18:15:00 UTC Updated: 2024-07-24 15:57:39 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2002-2439 low priority: Ubuntu including 34 source packages (gcc-4.1, gcc-4.3, …), 918 status rows across 27 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hirsute, impish, jammy, kinetic, lucid, lunar, mantic, noble, oracular, plucky, precise, questing, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): DNE 652, ignored 119, not-affected 86, needs-triage 60, released 1.

Description:

operator new[] sometimes returns pointers to heap blocks which are too small. When a new array is allocated, the C++ run-time has to calculate its size. The product may exceed the maximum value which can be stored in a machine register. This error is ignored, and the truncated value is used for the heap allocation. This may lead to heap overflows and therefore security bugs. (See http://cert.uni-stuttgart.de/advisories/calloc.php for further references.)

cvelogic Threat Intelligence