First published: Thu Apr 30 2020(Updated: )
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
GNU glibc | <2.32.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.10 | |
Netapp Active Iq Unified Manager Vmware Vsphere | >=9.5 | |
Netapp Hci Management Node | ||
Netapp Solidfire | ||
Netapp Steelstore Cloud Integrated Storage | ||
All of | ||
Netapp H410c Firmware | ||
Netapp H410c | ||
Debian Debian Linux | =10.0 | |
Netapp H410c Firmware | ||
Netapp H410c | ||
debian/glibc | 2.31-13+deb11u11 2.31-13+deb11u10 2.36-9+deb12u9 2.36-9+deb12u7 2.40-4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-1752 is a use-after-free vulnerability in glibc.
CVE-2020-1752 has a severity rating of high (7.0).
Ubuntu glibc versions 2.27-3ubuntu1.2, 2.30-0ubuntu2.2, and 2.23-0ubuntu11.2 are affected.
To fix CVE-2020-1752 on Ubuntu, update glibc to versions 2.27-3ubuntu1.2, 2.30-0ubuntu2.2, or 2.23-0ubuntu11.2.
You can find more information about CVE-2020-1752 on the MITRE CVE website, the Ubuntu Security Notices website, or the NIST NVD website.