visitorckw/CVE-2024-30949

## CVE-2024-30949
[CVE ID]
CVE-2024-30949

[Product]
newlib

[Version]
4.3.0

[Vulnerability Type]
Integer Overflow

[Description]
A vulnerability was discovered in the gettimeofday system call
implementation within the RISC-V libgloss component of Newlib. The
issue involves the incorrect conversion of nanoseconds to microseconds,
where the code erroneously multiplies the value by 1000 instead of
dividing by 1000. This mistake not only leads to incorrect time values
being returned but also poses a risk of integer overflow, especially on
platforms where long is 32-bit. This could result in further
inaccuracies or undefined behavior in time-sensitive applications that
rely on this system call.

[Reference]
https://inbox.sourceware.org/newlib/20231129035714.469943-1-visitorckw@gmail.com/
https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=5f15d7c5817b07a6b18cbab17342c95cb7b42be4
	[CVE ID]
	CVE-2024-30949

	[Product]
	newlib

	[Version]
	4.3.0

	[Vulnerability Type]
	Integer Overflow

	[Description]
	A vulnerability was discovered in the gettimeofday system call
	implementation within the RISC-V libgloss component of Newlib. The
	issue involves the incorrect conversion of nanoseconds to microseconds,
	where the code erroneously multiplies the value by 1000 instead of
	dividing by 1000. This mistake not only leads to incorrect time values
	being returned but also poses a risk of integer overflow, especially on
	platforms where long is 32-bit. This could result in further
	inaccuracies or undefined behavior in time-sensitive applications that
	rely on this system call.

	[Reference]
	https://inbox.sourceware.org/newlib/20231129035714.469943-1-visitorckw@gmail.com/
	https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=5f15d7c5817b07a6b18cbab17342c95cb7b42be4
No results found