In the __multiply function of the newlib libc library, in all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, but no check is performed to verify whether the allocation succeeded. If the memory allocation fails, the access of _x[0] triggers a NULL pointer dereference.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
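
The unchecked-allocation pattern described above, beside a checked form, as an added example that is not newlib's code. The names bigint_t, big_alloc, fail_alloc, mul_unchecked, mul_checked and demo are hypothetical, and the struct is a simplified stand-in for a big integer.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified stand-in for a big-integer record (assumption, not newlib's layout). */
typedef struct { int wds; uint32_t x[2]; } bigint_t;

static int fail_alloc = 0;  /* hook to simulate memory exhaustion */

/* Hypothetical allocator playing the role Balloc has in the advisory. */
static bigint_t *big_alloc(void) {
    if (fail_alloc) return NULL;
    return calloc(1, sizeof(bigint_t));
}

/* Pattern from the advisory: the result is written with no NULL check. */
bigint_t *mul_unchecked(uint32_t a, uint32_t b) {
    bigint_t *c = big_alloc();
    uint64_t p = (uint64_t)a * b;
    c->x[0] = (uint32_t)p;          /* NULL dereference if big_alloc() failed */
    c->x[1] = (uint32_t)(p >> 32);
    c->wds = c->x[1] ? 2 : 1;
    return c;
}

/* Checked form: report the failure to the caller instead of dereferencing. */
bigint_t *mul_checked(uint32_t a, uint32_t b) {
    bigint_t *c = big_alloc();
    if (c == NULL) return NULL;
    uint64_t p = (uint64_t)a * b;
    c->x[0] = (uint32_t)p;
    c->x[1] = (uint32_t)(p >> 32);
    c->wds = c->x[1] ? 2 : 1;
    return c;
}

/* Runs the checked form under a simulated failure; returns 0 if it was handled. */
int demo(void) {
    fail_alloc = 1;
    bigint_t *r = mul_checked(3, 4);
    fail_alloc = 0;
    if (r != NULL) { free(r); return 1; }
    return 0;  /* caller saw NULL and can fail the conversion cleanly */
}

int main(void) { return demo(); }
```

Every caller of the checked form has to test the returned pointer as well, otherwise the dereference only moves one level up the call chain.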
Name | Vendor | Start Version | End Version |
---|---|---|---|
Newlib | Newlib_project | * | 3.3.0 (excluding) |
Gcc-snapshot | Ubuntu | bionic | * |
Gcc-snapshot | Ubuntu | focal | * |
Gcc-snapshot | Ubuntu | jammy | * |
Gcc-snapshot | Ubuntu | trusty | * |
Gcc-snapshot | Ubuntu | xenial | * |
Newlib | Ubuntu | bionic | * |
Newlib | Ubuntu | eoan | * |
Newlib | Ubuntu | esm-apps/bionic | * |
Newlib | Ubuntu | esm-apps/xenial | * |
Newlib | Ubuntu | focal | * |
Newlib | Ubuntu | groovy | * |
Newlib | Ubuntu | hirsute | * |
Newlib | Ubuntu | impish | * |
Newlib | Ubuntu | jammy | * |
Newlib | Ubuntu | kinetic | * |
Newlib | Ubuntu | trusty | * |
Newlib | Ubuntu | upstream | * |
Newlib | Ubuntu | xenial | * |