CVE-2020-1752

 

Published at: - 30-04-2020 07:15

Last modified: - 17-10-2022 08:15

Total changes: - 7

Description

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752
• https://sourceware.org/bugzilla/show_bug.cgi?id=25414
• https://security.netapp.com/advisory/ntap-20200511-0005/
• USN-4416-1-Third Party Advisory
• GLSA-202101-20-Third Party Advisory
• [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8-Issue Tracking, Third Party Advisory
• [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8-Issue Tracking, Third Party Advisory
• [debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update-

 

Keywords

NVD

 

CVE-2020-1752

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures