What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-11937.

What is the severity of CVE-2020-11937?

The severity of CVE-2020-11937 is medium with a CVSS score of 5.5.

How can a local attacker exploit CVE-2020-11937?

A local attacker can exploit CVE-2020-11937 by using a crafted file to cause a denial of service (DoS) through resource exhaustion due to a memory leak.

Which versions of whoopsie are affected by CVE-2020-11937?

Versions 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5, and 0.2.69ubuntu0.1 of whoopsie are affected by CVE-2020-11937.

How can I fix CVE-2020-11937?

To fix CVE-2020-11937, update whoopsie to version 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5, or 0.2.69ubuntu0.1.

Vulnerability/
CVE-2020-11937

medium

5.5

CWE

401 400

6/8/2020

17/9/2024

CVE-2020-11937: Resource exhaustion vulnerability in whoopsie

First published: Thu Aug 06 2020(Updated: )

In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.

Credit: security@ubuntu.com security@ubuntu.com

Affected Software	Affected Version	How to fix
Canonical Whoopsie	=0.2.66
Canonical Whoopsie	=0.2.67
Canonical Whoopsie	=0.2.68
Canonical Whoopsie	=0.2.69
Canonical Ubuntu Linux	=20.04
Canonical Whoopsie	=0.2.49
Canonical Whoopsie	=0.2.50
Canonical Whoopsie	=0.2.51
Canonical Whoopsie	=0.2.52
Canonical Whoopsie	=0.2.52.1
Canonical Whoopsie	=0.2.52.2
Canonical Whoopsie	=0.2.52.3
Canonical Whoopsie	=0.2.52.4
Canonical Whoopsie	=0.2.52.5
Canonical Whoopsie	=0.2.52.5ubuntu0.1
Canonical Whoopsie	=0.2.52.5ubuntu0.2
Canonical Whoopsie	=0.2.52.5ubuntu0.3
Canonical Whoopsie	=0.2.52.5ubuntu0.4
Canonical Ubuntu Linux	=16.04
Canonical Whoopsie	=0.2.58
Canonical Whoopsie	=0.2.59
Canonical Whoopsie	=0.2.59build1
Canonical Whoopsie	=0.2.60
Canonical Whoopsie	=0.2.61
Canonical Whoopsie	=0.2.62
Canonical Whoopsie	=0.2.62ubuntu0.1
Canonical Whoopsie	=0.2.62ubuntu0.2
Canonical Whoopsie	=0.2.62ubuntu0.3
Canonical Whoopsie	=0.2.62ubuntu0.4
Canonical Ubuntu Linux	=18.04
All of
Any of
Canonical Whoopsie	=0.2.66
Canonical Whoopsie	=0.2.67
Canonical Whoopsie	=0.2.68
Canonical Whoopsie	=0.2.69
Canonical Ubuntu Linux	=20.04
All of
Any of
Canonical Whoopsie	=0.2.49
Canonical Whoopsie	=0.2.50
Canonical Whoopsie	=0.2.51
Canonical Whoopsie	=0.2.52
Canonical Whoopsie	=0.2.52.1
Canonical Whoopsie	=0.2.52.2
Canonical Whoopsie	=0.2.52.3
Canonical Whoopsie	=0.2.52.4
Canonical Whoopsie	=0.2.52.5
Canonical Whoopsie	=0.2.52.5ubuntu0.1
Canonical Whoopsie	=0.2.52.5ubuntu0.2
Canonical Whoopsie	=0.2.52.5ubuntu0.3
Canonical Whoopsie	=0.2.52.5ubuntu0.4
Canonical Ubuntu Linux	=16.04
All of
Any of
Canonical Whoopsie	=0.2.58
Canonical Whoopsie	=0.2.59
Canonical Whoopsie	=0.2.59build1
Canonical Whoopsie	=0.2.60
Canonical Whoopsie	=0.2.61
Canonical Whoopsie	=0.2.62
Canonical Whoopsie	=0.2.62ubuntu0.1
Canonical Whoopsie	=0.2.62ubuntu0.2
Canonical Whoopsie	=0.2.62ubuntu0.3
Canonical Whoopsie	=0.2.62ubuntu0.4
Canonical Ubuntu Linux	=18.04

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-11937.
What is the severity of CVE-2020-11937?
The severity of CVE-2020-11937 is medium with a CVSS score of 5.5.
How can a local attacker exploit CVE-2020-11937?
A local attacker can exploit CVE-2020-11937 by using a crafted file to cause a denial of service (DoS) through resource exhaustion due to a memory leak.
Which versions of whoopsie are affected by CVE-2020-11937?
Versions 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5, and 0.2.69ubuntu0.1 of whoopsie are affected by CVE-2020-11937.
How can I fix CVE-2020-11937?
To fix CVE-2020-11937, update whoopsie to version 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5, or 0.2.69ubuntu0.1.

collector/nvd-index
agent/weakness
agent/type
collector/security-tracker-debian
source/Debian
collector/launchpad-cve
source/Launchpad
agent/author
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/severity
agent/title
collector/usn-cve
source/Ubuntu
agent/references
agent/tags
agent/description
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
vendor/canonical
canonical/canonical whoopsie
version/canonical whoopsie/0.2.66
version/canonical whoopsie/0.2.67
version/canonical whoopsie/0.2.68
version/canonical whoopsie/0.2.69
canonical/canonical ubuntu linux
version/canonical ubuntu linux/20.04
version/canonical whoopsie/0.2.49
version/canonical whoopsie/0.2.50
version/canonical whoopsie/0.2.51
version/canonical whoopsie/0.2.52
version/canonical whoopsie/0.2.52.1
version/canonical whoopsie/0.2.52.2
version/canonical whoopsie/0.2.52.3
version/canonical whoopsie/0.2.52.4
version/canonical whoopsie/0.2.52.5
version/canonical whoopsie/0.2.52.5ubuntu0.1
version/canonical whoopsie/0.2.52.5ubuntu0.2
version/canonical whoopsie/0.2.52.5ubuntu0.3
version/canonical whoopsie/0.2.52.5ubuntu0.4
version/canonical ubuntu linux/16.04
version/canonical whoopsie/0.2.58
version/canonical whoopsie/0.2.59
version/canonical whoopsie/0.2.59build1
version/canonical whoopsie/0.2.60
version/canonical whoopsie/0.2.61
version/canonical whoopsie/0.2.62
version/canonical whoopsie/0.2.62ubuntu0.1
version/canonical whoopsie/0.2.62ubuntu0.2
version/canonical whoopsie/0.2.62ubuntu0.3
version/canonical whoopsie/0.2.62ubuntu0.4
version/canonical ubuntu linux/18.04