CVE-2020-28928 — Out-of-bounds Write in Musl

CWE-787 — Out-of-bounds Write8 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 86.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Musl-libc Musl Debian Linux Fedoraproject Fedora +1 more

Timeline

PublishedNov 24

Latest updateMar 31

Description

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debianmusl-libc/musl< 1.2.2-1+3

▶NVDmusl-libc/musl1.2.1

▶NVDoracle/graalvm20.3.2, 21.1.0+1

Also affects: Debian Linux 9.0, Fedora 33, 34

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

musl vulnerabilities↗2023-03-31

▶

GHSA

GHSA-7gwx-j9qc-6c6w: In musl libc through 1↗2022-05-24

▶

CVEList

CVE-2020-28928: In musl libc through 1↗2020-11-24

▶

OSV

CVE-2020-28928: In musl libc through 1↗2020-11-24

▶

📋Vendor Advisories

Ubuntu

musl vulnerabilities↗2023-03-31

▶

Oracle

Oracle Oracle Java SE Risk Matrix: LLVM Interpreter (musl libc) — CVE-2020-28928↗2021-07-15

▶

Debian

CVE-2020-28928: musl - In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of des...↗2020

▶