Search for vulnerabilities
Vulnerability details: VCID-xwnv-7wwe-hqbk
Vulnerability ID VCID-xwnv-7wwe-hqbk
Aliases CVE-2024-30949
Summary An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-190 Integer Overflow or Wraparound
System Score Found at
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30949.json
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30949.json
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00804 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00804 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00804 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00804 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00804 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00804 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00804 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00804 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00804 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00804 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00804 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00804 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00804 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00804 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00804 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00919 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00919 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00919 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00919 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00919 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00919 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00919 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.00919 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.01078 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
epss 0.02857 https://api.first.org/data/v1/epss?cve=CVE-2024-30949
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2024-30949
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2024-30949
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30949.json
https://api.first.org/data/v1/epss?cve=CVE-2024-30949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30949
https://gist.github.com/visitorckw/6b26e599241ea80210ea136b28441661
https://inbox.sourceware.org/newlib/20231129035714.469943-1-visitorckw%40gmail.com/
https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=5f15d7c5817b07a6b18cbab17342c95cb7b42be4
2306118 https://bugzilla.redhat.com/show_bug.cgi?id=2306118
cpe:2.3:a:newlib_project:newlib:4.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:4.3.0:*:*:*:*:*:*:*
CVE-2024-30949 https://nvd.nist.gov/vuln/detail/CVE-2024-30949
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30949.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30949.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-30949
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-30949
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.28532
EPSS Score 0.00063
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-09-17T19:08:13.504313+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-30949 34.0.1