CVE-2020-10029: 
NixOS vulnerability analysis and mitigation

The GNU C Library (glibc) before version 2.32 contained a vulnerability (CVE-2020-10029) where an on-stack buffer could overflow during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This vulnerability was discovered in early 2020 and is related to the sysdeps/ieee754/ldbl-96/e_rem_pio2l.c component (CVE Details).

The vulnerability affects the range reduction process in the GNU C Library's implementation of certain mathematical functions. The issue specifically occurs when processing pseudo-zero values (representations where all significand bits, including the explicit high bit, are zero, but the exponent is not zero) in 80-bit long double functions. The affected functions include cosl, sinl, sincosl, and tanl. The vulnerability is triggered when these functions process invalid multi-byte input sequences with non-canonical bit patterns (Sourceware Bug).

The vulnerability has been assigned a CVSS score of 5.5 (Medium), with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. When exploited, it could lead to a Denial of Service (DoS) condition through application crashes. On systems where glibc is not compiled with -fstack-protector-all, the vulnerability can cause stack corruption, though achieving arbitrary code execution is considered difficult if not impossible (Ubuntu Security).

The vulnerability was fixed in glibc version 2.32 by implementing proper validation of pseudo-zero and unnormal representations. The fix includes detecting these invalid representations during range reduction and returning a NaN instead of continuing with the range reduction process. For systems that cannot immediately upgrade, compiling glibc with stack protector enabled (-fstack-protector-all) can help mitigate the impact of the vulnerability (Sourceware Bug).