Required CVE Record Information
Description
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.
CVSS 1 Total
| Score | Severity | Version | Vector String |
|---|---|---|---|
| 7.0 | HIGH | 3.1 | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
References 9 Total
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752
- https://sourceware.org/bugzilla/show_bug.cgi?id=25414
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ddc650e9b3dc916eab417ce9f79e67337b05035c
- https://security.netapp.com/advisory/ntap-20200511-0005/
- usn.ubuntu.com: USN-4416-1 (vendor-advisory)
- security.gentoo.org: GLSA-202101-20 (vendor-advisory)
- lists.apache.org: [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 (mailing-list)
- lists.apache.org: [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 (mailing-list)
- lists.debian.org: [debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update (mailing-list)