CVE-2020-28928
Ubuntu Security Notice USN-5990-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).
En musl libc versiones hasta 1.2.1, wcsnrtombs maneja inapropiadamente combinaciones particulares de tamaño de búfer de destino y límite de caracteres de origen, como es demostrado por un acceso de escritura no válido (desbordamiento de búfer)
It was discovered that musl did not handle certain i386 math functions properly. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. It was discovered that musl did not handle wide-character conversion properly. A remote attacker could use this vulnerability to cause resource consumption , denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-11-18 CVE Reserved
- 2020-11-24 CVE Published
- 2024-07-24 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (10)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.oracle.com//security-alerts/cpujul2021.html | 2023-11-07 | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Musl-libc Search vendor "Musl-libc" | Musl Search vendor "Musl-libc" for product "Musl" | <= 1.2.1 Search vendor "Musl-libc" for product "Musl" and version " <= 1.2.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Graalvm Search vendor "Oracle" for product "Graalvm" | 20.3.2 Search vendor "Oracle" for product "Graalvm" and version "20.3.2" | enterprise |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Graalvm Search vendor "Oracle" for product "Graalvm" | 21.1.0 Search vendor "Oracle" for product "Graalvm" and version "21.1.0" | enterprise |
Affected
| ||||||