CVE-2020-28928

Published: Nov 24, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).

Affected (6)

Products: Musl Libc: Musl · Debian: Debian Linux · Fedoraproject: Fedora · +1 more

Show all products

Musl Libc: Musl · Debian: Debian Linux · Fedoraproject: Fedora · Oracle: Graalvm

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Musl Libc Musl	Up to 1.2.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Oracle Graalvm	Version 20.3.2
Oracle Graalvm	Version 21.1.0

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (20)

http://www.openwall.com/lists/oss-security/2020/11/20/4

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1%40%3Cnotifications.apisix.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e%40%3Cnotifications.apisix.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2%40%3Cnotifications.apisix.apache.org%3E

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/

Source: cve@mitre.org

https://musl.libc.org/releases.html

Source: cve@mitre.org

Release NotesVendor Advisory

https://www.oracle.com//security-alerts/cpujul2021.html

Source: cve@mitre.org

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Source: cve@mitre.org

PatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2020/11/20/4