CVE-2020-1752 — Use After Free in Glibc
Severity
7.0HIGHNVD
GHSA6.1
EPSS
0.2%
top 59.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 30
Latest updateMar 21
Description
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9
Affected Packages4 packages
Also affects: Debian Linux 10.0, Ubuntu Linux 16.04, 18.04, 19.10
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-8x3m-4qgh-829r: A use-after-free vulnerability introduced in glibc upstream version 2↗2022-05-24
CVEList
▶
📋Vendor Advisories
4Microsoft▶
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid usern↗2020-04-14
Debian▶
CVE-2020-1752: glibc - A use-after-free vulnerability introduced in glibc upstream version 2.14 was fou...↗2020
💬Community
4Bugzilla▶
CVE-2020-27752 ImageMagick: heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h↗2020-11-03
Bugzilla
▶