CVE-2020-28928: Buffer Overflow
First published: Tue Nov 24 2020(Updated: )
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security Verify Bridge | <=All | |
| Musl-libc Musl | <=1.2.1 | |
| Debian Debian Linux | =9.0 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 | |
| Oracle GraalVM | =20.3.2 | |
| Oracle GraalVM | =21.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/192091
- https://www.ibm.com/support/pages/node/6491653 (Advisory)
- http://www.openwall.com/lists/oss-security/2020/11/20/4
- https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1@%3Cnotifications.apisix.apache.org%3E
- https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e@%3Cnotifications.apisix.apache.org%3E
- https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2@%3Cnotifications.apisix.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/
- https://musl.libc.org/releases.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2%40%3Cnotifications.apisix.apache.org%3E
- https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e%40%3Cnotifications.apisix.apache.org%3E
- https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1%40%3Cnotifications.apisix.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/
Frequently Asked Questions
What is CVE-2020-28928?
CVE-2020-28928 is a vulnerability in musl libc that allows a local attacker to cause a denial of service.
What is the severity of CVE-2020-28928?
CVE-2020-28928 has a severity rating of 6.2 (Medium).
Which software versions are affected by CVE-2020-28928?
musl libc 1.2.1, Debian Linux 9.0, Fedora 33, Fedora 34, Oracle GraalVM 20.3.2, Oracle GraalVM 21.1.0, and IBM Security Verify Bridge (all versions) are affected by CVE-2020-28928.
How can an attacker exploit CVE-2020-28928?
A local attacker can exploit CVE-2020-28928 by sending specially-crafted input to the wcsnrtombs function, causing the application to enter into an infinite loop.
Are there any references for CVE-2020-28928?
Yes, you can find more information about CVE-2020-28928 at the following references: [link1], [link2], [link3].
- agent/type
- agent/remedy
- collector/nvd-index
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/ibm-support
- source/IBM
- vendor/musl-libc
- canonical/musl-libc musl
- version/musl-libc musl/1.2.1
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34
- vendor/oracle
- canonical/oracle graalvm
- version/oracle graalvm/20.3.2
- version/oracle graalvm/21.1.0
- vendor/ibm
- canonical/ibm security verify bridge
- version/ibm security verify bridge/all