manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999.
manual/search.texi in the
Exploit
CVE-1999-0199
NVD
Refer to CVE-1999-0199 NVD advisory