Lucene search

RedhatCVE-2020-1752

HistoryApr 30, 2020 - 5:15 p.m.

CVE-2020-1752

2020-04-3017:15:13

CWE-416

redhat

web.nvd.nist.gov

195

cve-2020-1752

glibc

use-after-free

vulnerability

arbitrary code execution

nvd

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

44.9%

JSON

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.

Affected configurations

Nvd

Vulners

Node

gnuglibcRange<2.32.0

Node

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.10

Node

netappactive_iq_unified_managerRange9.5≥vmware_vsphere

netapphci_management_nodeMatch-

netappsolidfireMatch-

netappsteelstore_cloud_integrated_storageMatch-

Node

netapph410c_firmwareMatch-

AND

netapph410cMatch-

Node

debiandebian_linuxMatch10.0

VendorProductVersionCPE
gnuglibc*cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonicalubuntu_linux19.10cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
netapphci_management_node-cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
netappsolidfire-cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
netappsteelstore_cloud_integrated_storage-cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
netapph410c_firmware-cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
netapph410c-cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	glibc	*	cpe:2.3:a:gnu:glibc::::::::
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
canonical	ubuntu_linux	18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
canonical	ubuntu_linux	19.10	cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*
netapp	active_iq_unified_manager	*	cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere::*
netapp	hci_management_node	-	cpe:2.3:a:netapp:hci_management_node:-:::::::*
netapp	solidfire	-	cpe:2.3:a:netapp:solidfire:-:::::::*
netapp	steelstore_cloud_integrated_storage	-	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*
netapp	h410c_firmware	-	cpe:2.3:o:netapp:h410c_firmware:-:::::::*
netapp	h410c	-	cpe:2.3:h:netapp:h410c:-:::::::*

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "vendor": "GNU Libc",
    "product": "glibc",
    "versions": [
      {
        "version": "Affected: versions 2.14 and later",
        "status": "affected"
      },
      {
        "version": "Fixed: version 2.32",
        "status": "affected"
      }
    ]
  }
]