9.8
CRITICAL
CVE-2019-1010022
GNU Libc NPTL Mitigation Bypass
Description

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

INFO

Published Date :

July 15, 2019, 4:15 a.m.

Last Modified :

Nov. 21, 2024, 4:17 a.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
Public PoC/Exploit Available at Github

CVE-2019-1010022 has a 17 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2019-1010022 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Gnu glibc
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2019-1010022.

URL Resource
https://security-tracker.debian.org/tracker/CVE-2019-1010022
https://sourceware.org/bugzilla/show_bug.cgi?id=22850 Exploit Issue Tracking Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
https://ubuntu.com/security/CVE-2019-1010022
https://security-tracker.debian.org/tracker/CVE-2019-1010022
https://sourceware.org/bugzilla/show_bug.cgi?id=22850 Exploit Issue Tracking Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
https://ubuntu.com/security/CVE-2019-1010022

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
Dariani223/DevOpsFinal

None

Dockerfile Python HTML

Updated: 22 hours, 31 minutes ago
0 stars 0 fork 0 watcher
Born at : June 28, 2025, 8:46 a.m. This repo has been linked 81 different CVEs too.
Profile Photo
z4ng1ew/Trivy-Flask-App-With-Bandit-TruffleHog

Flask app with Trivy and Bandit integrated in a CI/CD pipeline for automated security scanning and vulnerability detection.

Dockerfile Python PowerShell Shell C JavaScript CSS Roff

Updated: 3 days, 16 hours ago
0 stars 0 fork 0 watcher
Born at : June 25, 2025, 12:59 p.m. This repo has been linked 13 different CVEs too.
Profile Photo
Myash-New/05-virt-04-docker-in-practice

None

Updated: 2 months, 4 weeks ago
0 stars 0 fork 0 watcher
Born at : March 31, 2025, 7:26 a.m. This repo has been linked 41 different CVEs too.
Profile Photo
x9nico/Exam_Docker

None

Dockerfile HTML Go Shell

Updated: 4 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Feb. 3, 2025, 1:22 p.m. This repo has been linked 20 different CVEs too.
Profile Photo
Telooss/TP-WIK-DPS-TP02

None

Dockerfile JavaScript TypeScript

Updated: 5 months ago
0 stars 0 fork 0 watcher
Born at : Jan. 27, 2025, 3:01 p.m. This repo has been linked 36 different CVEs too.
Profile Photo
poikl246/DevSecOps-2024-v2

Задание по DevSecOps второе задание

Updated: 7 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Nov. 5, 2024, 8:20 p.m. This repo has been linked 92 different CVEs too.
Profile Photo
ardhiatno/ubimicro-fluentbit

Fluentbit container image built as small as possible with security in mind

docker-image dockerfile fluent-bit

Dockerfile

Updated: 8 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Oct. 22, 2024, 8:40 a.m. This repo has been linked 42 different CVEs too.
Profile Photo
Srinu-rj/spring-food-app

None

Dockerfile Roff Java

Updated: 8 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Oct. 7, 2024, 8:52 a.m. This repo has been linked 127 different CVEs too.
Profile Photo
mmbazm/secure_license_server

None

Dockerfile Python

Updated: 7 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Oct. 5, 2024, 4:56 p.m. This repo has been linked 68 different CVEs too.
Profile Photo
GrigGM/05-virt-04-docker-hw

None

HCL

Updated: 1 year, 1 month ago
0 stars 0 fork 0 watcher
Born at : April 30, 2024, 7:53 p.m. This repo has been linked 54 different CVEs too.
Profile Photo
DanMolz/wiz-scripts

None

Python

Updated: 7 months ago
1 stars 1 fork 1 watcher
Born at : April 16, 2024, 10:58 p.m. This repo has been linked 7 different CVEs too.
Profile Photo
fokypoky/places-list

None

asp-net-core csharp docker dockerfile javascript react webapi docker-compose

C# Dockerfile HTML JavaScript CSS

Updated: 1 year, 2 months ago
0 stars 0 fork 0 watcher
Born at : Feb. 22, 2024, 6:42 p.m. This repo has been linked 383 different CVEs too.
Profile Photo
cdupuis/image-api

None

TypeScript

Updated: 2 years, 6 months ago
0 stars 0 fork 0 watcher
Born at : Dec. 6, 2022, 12:43 p.m. This repo has been linked 43 different CVEs too.
Profile Photo
vincent-deng/veracode-container-security-finding-parser

Map Vulnerabilities into Different Layers of the Container Image

Python

Updated: 2 years, 5 months ago
1 stars 0 fork 0 watcher
Born at : Oct. 5, 2022, 12:07 p.m. This repo has been linked 1277 different CVEs too.
Profile Photo
madchap/opa-tests

None

Open Policy Agent

Updated: 3 years, 9 months ago
0 stars 0 fork 0 watcher
Born at : Sept. 12, 2021, 8:50 p.m. This repo has been linked 3 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2019-1010022 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2019-1010022 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://security-tracker.debian.org/tracker/CVE-2019-1010022
    Added Reference https://sourceware.org/bugzilla/show_bug.cgi?id=22850
    Added Reference https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
    Added Reference https://ubuntu.com/security/CVE-2019-1010022
  • CVE Modified by [email protected]

    Aug. 05, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    May. 17, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Apr. 11, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Mar. 21, 2024

    Action Type Old Value New Value
    Added Tag DWF disputed
  • CVE Modified by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Changed Description ** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat." GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
  • CVE Modified by [email protected]

    Jun. 10, 2021

    Action Type Old Value New Value
    Added Reference https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3 [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 16, 2020

    Action Type Old Value New Value
    Changed Description GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. ** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
    Added Reference https://security-tracker.debian.org/tracker/CVE-2019-1010022 [No Types Assigned]
    Added Reference https://ubuntu.com/security/CVE-2019-1010022 [No Types Assigned]
  • Initial Analysis by [email protected]

    Jul. 18, 2019

    Action Type Old Value New Value
    Added CVSS V2 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Added CVSS V3 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://sourceware.org/bugzilla/show_bug.cgi?id=22850 No Types Assigned https://sourceware.org/bugzilla/show_bug.cgi?id=22850 Exploit, Issue Tracking, Third Party Advisory
    Added CWE CWE-119
    Added CPE Configuration OR *cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.14 }} -0.07%

score

0.35916

percentile

CVSS30 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
:
© cvefeed.io
Latest DB Update: Jun. 29, 2025 16:07