First published: Wed Apr 01 2020
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows program execution to continue in scenarios where a segmentation fault or crash should have occurred. The danger is that subsequent execution and iterations of this code will operate on this corrupted data.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
GNU glibc | <=2.31 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 | |
Debian Debian Linux | =10.0 | |
debian/glibc | 2.31-13+deb11u11 2.31-13+deb11u10 2.36-9+deb12u9 2.36-9+deb12u7 2.40-4 |
The vulnerability ID for this issue is CVE-2020-6096.
The severity level of CVE-2020-6096 is high with a score of 8.1.
The GNU glibc versions up to and including 2.31, Fedora versions 31 and 32, and Debian Linux version 10.0 are affected by CVE-2020-6096.
CVE-2020-6096 is an exploitable signed comparison vulnerability in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000.
CVE-2020-6096 can be exploited by calling memcpy() with a negative value for the 'num' parameter on ARMv7 targets that utilize the GNU glibc implementation.
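
The signed-versus-unsigned length confusion described above, as an added C example (not glibc's ARMv7 code and not part of the original advisory): the same bit pattern passes a signed bound check and fails an unsigned one, and a caller-side guard rejects a negative length before it reaches memcpy(). The function names and the 4-byte-header record format are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The same 32-bit length compared as signed and as unsigned. This models the
   bug class only; it is not glibc's ARMv7 code. The cast of a value above
   INT32_MAX is implementation-defined and wraps negative on common ABIs. */
int below_limit_signed(uint32_t num, uint32_t limit) {
    return (int32_t)num < (int32_t)limit;
}
int below_limit_unsigned(uint32_t num, uint32_t limit) {
    return num < limit;
}

/* Hypothetical caller-side guard: reject a signed length before it is
   converted to size_t for memcpy(). Returns 0 on success, -1 if rejected. */
int checked_copy(void *dst, size_t dst_size, const void *src, long num) {
    if (num < 0) return -1;                  /* would wrap to a huge size_t */
    if ((size_t)num > dst_size) return -1;   /* would overrun dst */
    memcpy(dst, src, (size_t)num);
    return 0;
}

/* Constructed record format: 4-byte header followed by the payload.
   claimed_len comes from untrusted input and may be smaller than the header. */
int copy_payload(uint8_t *out, size_t out_size, const uint8_t *rec, long claimed_len) {
    const long header = 4;
    long payload = claimed_len - header;     /* negative when claimed_len < 4 */
    return checked_copy(out, out_size, rec + header, payload);
}

int main(void) {
    const uint8_t rec[8] = {0, 0, 0, 0, 'a', 'b', 'c', 'd'};  /* constructed */
    uint8_t out[4] = {0};
    printf("0xFFFFFFFF < 16 signed: %d, unsigned: %d\n",
           below_limit_signed(0xFFFFFFFFu, 16), below_limit_unsigned(0xFFFFFFFFu, 16));
    printf("claimed_len=8 -> %d\n", copy_payload(out, sizeof out, rec, 8));
    printf("claimed_len=2 -> %d\n", copy_payload(out, sizeof out, rec, 2));
    return 0;
}
```

Validating the length in the caller protects code that must run on an unpatched glibc; it does not replace updating the library.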