CVE-2020-15570

Published: Jul 6, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file.

Affected (1)

Products: Whoopsie Project: Whoopsie

Whoopsie Project

1 product

Whoopsie

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Whoopsie Project Whoopsie	Up to 0.2.69

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (10)

https://github.com/sungjungk/whoopsie_killer2/blob/master/README.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/sungjungk/whoopsie_killer2/blob/master/whoopsie_killer2.py

Source: cve@mitre.org

ExploitThird Party Advisory

https://launchpad.net/ubuntu/+source/whoopsie

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4450-1/

Source: cve@mitre.org

https://www.youtube.com/watch?v=oZXGwC7PWYE

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/sungjungk/whoopsie_killer2/blob/master/README.md