Lucene search

K
f5F5F5:K40977030
HistoryApr 28, 2020 - 12:00 a.m.

K40977030 : glibc vulnerability CVE-2020-6096

2020-04-2800:00:00
my.f5.com
15

AI Score

8.1

Confidence

High

EPSS

0.074

Percentile

94.1%

Security Advisory Description

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the ‘num’ parameter results in a signed comparison vulnerability. If an attacker underflows the ‘num’ parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data. (CVE-2020-6096)

Impact

There is no impact; F5 products are not affected by this vulnerability.