Fluid Attacks Database

Description

manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	glibc	>=0 <2.2-1	2.2-1
debian 11	glibc	>=0 <2.2-1	2.2-1
debian 12	glibc	>=0 <2.2-1	2.2-1
debian 14	glibc	>=0 <2.2-1	2.2-1

Aliases

1. CVE-1999-01992. NVD-1999-01993. OSV-DEBIAN-1999-01994. OSV-1999-01995. SECURITY-TRACKER-CVE-1999-0199

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.