CVE-2020-29573

Name: CVE-2020-29573
Creator: NVD / NIST
Published: 2020-12-06T00:15:11.567+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 2.77%

Last modified Jun 17, 2026

CVE-2020-29573 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. EPSS estimates a 2.77% chance of exploitation in the next 30 days.

Description

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

2.77%

84.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-787

Affected Software

Vendor	Product	Versions
Gnu	Glibc	< 2.23
Redhat	Enterprise Linux	7.0
Netapp	Cloud Backup	All versions
Netapp	Solidfire Baseboard Management Controller	All versions

References

https://security.gentoo.org/glsa/202101-20Third Party Advisory
https://security.netapp.com/advisory/ntap-20210122-0004/Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=26649Issue Tracking, Patch, Third Party Advisory
https://sourceware.org/pipermail/libc-alpha/2020-September/117779.htmlPatch, Third Party Advisory
https://security.gentoo.org/glsa/202101-20Third Party Advisory
https://security.netapp.com/advisory/ntap-20210122-0004/Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=26649Issue Tracking, Patch, Third Party Advisory
https://sourceware.org/pipermail/libc-alpha/2020-September/117779.htmlPatch, Third Party Advisory

Timeline

Published: Dec 6, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-29573?

How severe is CVE-2020-29573?

CVE-2020-29573 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 2.77% probability of exploitation in the next 30 days.

How do I fix CVE-2020-29573?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-29573?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST