CVE-2020-28928
Published: 24 November 2020
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).
Priority
Status
Package | Release | Status |
---|---|---|
musl (Launchpad, Ubuntu, Debian) | bionic | Released (1.1.19-1ubuntu0.1~esm1) |
musl | focal | Released (1.1.24-1ubuntu0.1~esm1) |
musl | groovy | Ignored (reached end-of-life) |
musl | hirsute | Ignored (reached end-of-life) |
musl | impish | Ignored (reached end-of-life) |
musl | jammy | Not vulnerable (1.2.2-4) |
musl | kinetic | Not vulnerable (1.2.3-1) |
musl | lunar | Not vulnerable (1.2.3-1) |
musl | trusty | Released (0.9.15-1ubuntu0.1~esm2) |
musl | upstream | Needs triage |
musl | xenial | Released (1.1.9-1ubuntu0.1~esm3) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |