Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-6096
HistoryApr 01, 2020 - 12:00 a.m.

CVE-2020-6096

2020-04-0100:00:00
ubuntu.com
ubuntu.com
14

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.074 Low

EPSS

Percentile

94.1%

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy()
implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets
that utilize the GNU glibc implementation) with a negative value for the
‘num’ parameter results in a signed comparison vulnerability. If an
attacker underflows the ‘num’ parameter to memcpy(), this vulnerability
could lead to undefined behavior such as writing to out-of-bounds memory
and potentially remote code execution. Furthermore, this memcpy()
implementation allows for program execution to continue in scenarios where
a segmentation fault or crash should have occurred. The dangers occur in
that subsequent execution and iterations of this code will be executed with
this corrupted data.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarcheglibc< anyUNKNOWN
ubuntu18.04noarchglibc< 2.27-3ubuntu1.5UNKNOWN
ubuntu20.04noarchglibc< 2.31-0ubuntu9.7UNKNOWN
ubuntu20.10noarchglibc< 2.32-0ubuntu3UNKNOWN
ubuntu21.04noarchglibc< 2.32-0ubuntu3UNKNOWN
ubuntu21.10noarchglibc< 2.32-0ubuntu3UNKNOWN
ubuntu22.04noarchglibc< 2.32-0ubuntu3UNKNOWN
ubuntu22.10noarchglibc< 2.32-0ubuntu3UNKNOWN
ubuntu23.04noarchglibc< 2.32-0ubuntu3UNKNOWN
ubuntu23.10noarchglibc< 2.32-0ubuntu3UNKNOWN
Rows per page:
1-10 of 121

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.074 Low

EPSS

Percentile

94.1%