PT-2020-3258 · Gnu+4 · Glibc+4

Published: 2020-04-01 · Updated: 2024-06-15 · CVE-2020-6096

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GNU glibc version 2.30.9000
Description: An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation. Calling memcpy() with a negative value for the num parameter (a size_t, so a negative value is interpreted as a very large length) triggers a signed comparison inside the implementation, potentially leading to undefined behavior such as writing to out-of-bounds memory and remote code execution. The vulnerability allows program execution to continue in scenarios where a segmentation fault or crash should have occurred, so execution proceeds with corrupted data.
Recommendations: For GNU glibc version 2.30.9000, consider disabling the memcpy() function until a patch is available to prevent potential remote code execution. Restrict access to the vulnerable memcpy() implementation to minimize the risk of exploitation. Avoid passing negative values for the num parameter to the affected memcpy() function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Integer Underflow


Weakness Enumeration

Related Identifiers

ALT-PU-2020-3299
ALT-PU-2020-3327
ALT-PU-2020-3401
ALT-PU-2020-3524
BDU:2020-03566
CVE-2020-6096
DLA-3152-1
MGASA-2021-0053
OPENSUSE-SU-2024:10792-1
USN-4954-1
USN-5310-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Ubuntu
Glibc