PT-2020-6127 · Gnu+6 · Glibc+6

Published

2020-01-17

Updated

2024-06-15

CVE-2020-1752

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions glibc versions 2.14 through 2.31

Description A use-after-free issue was found in the way tilde expansion was carried out, affecting directory paths with an initial tilde followed by a valid username. This could potentially lead to arbitrary code execution when a specially crafted path is processed by the glob function. A local attacker could exploit this flaw to gain elevated privileges.

Recommendations For glibc versions 2.14 through 2.31, update to version 2.32 to resolve the issue. As a temporary workaround, consider restricting the use of the glob function until a patch is available.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2020-2070

ALT-PU-2020-3327

ALT-PU-2020-3401

ALT-PU-2021-3034

BDU:2021-03122

CESA-2020_4444

CVE-2020-1752

DLA-3152-1

MGASA-2020-0135

OPENSUSE-SU-2020:0467-1

OPENSUSE-SU-2020_0467-1

OPENSUSE-SU-2024:10792-1

RHSA-2020:4444

RHSA-2020_4444

SUSE-SU-2020:0820-1

SUSE-SU-2020:0832-1

SUSE-SU-2020_0820-1

SUSE-SU-2022:1123-1

SUSE-SU-2022_1123-1

USN-4416-1

Affected Products

Alt Linux

Astra Linux

Centos

Red Hat

Suse

Ubuntu

Glibc

PT-2020-6127 · Gnu+6 · Glibc+6

CVE-2020-1752

Weakness Enumeration

Related Identifiers

Affected Products

References · 92