CVE-2020-1752

LOW

Description

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752

https://security.gentoo.org/glsa/202101-20

https://security.netapp.com/advisory/ntap-20200511-0005/

https://sourceware.org/bugzilla/show_bug.cgi?id=25414

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c

https://usn.ubuntu.com/4416-1/

Details

Source: MITRE

Published: 2020-04-30

Updated: 2021-01-29

Type: CWE-416

Risk Information

CVSS v2.0

Base Score: 3.7

Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 1.9

Severity: LOW

CVSS v3.0

Base Score: 7

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1

Severity: HIGH

Tenable Plugins

View all (16 total)

IDNameProductFamilySeverity
147246NewStart CGSL MAIN 6.02 : glibc Multiple Vulnerabilities (NS-SA-2021-0069)NessusNewStart CGSL Local Security Checks
medium
145977CentOS 8 : glibc (CESA-2020:4444)NessusCentOS Local Security Checks
medium
145333GLSA-202101-20 : glibc: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
142780Oracle Linux 8 : glibc (ELSA-2020-4444)NessusOracle Linux Local Security Checks
medium
142396RHEL 8 : glibc (RHSA-2020:4444)NessusRed Hat Local Security Checks
medium
140898EulerOS 2.0 SP3 : glibc (EulerOS-SA-2020-2131)NessusHuawei Local Security Checks
low
138166Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : GNU C Library vulnerabilities (USN-4416-1)NessusUbuntu Local Security Checks
high
137931EulerOS Virtualization 3.0.6.0 : glibc (EulerOS-SA-2020-1712)NessusHuawei Local Security Checks
low
137509EulerOS 2.0 SP2 : glibc (EulerOS-SA-2020-1667)NessusHuawei Local Security Checks
medium
137319Photon OS 1.0: Glibc PHSA-2020-1.0-0298NessusPhotonOS Local Security Checks
low
137198Photon OS 2.0: Glibc PHSA-2020-2.0-0248NessusPhotonOS Local Security Checks
low
137017EulerOS 2.0 SP5 : glibc (EulerOS-SA-2020-1599)NessusHuawei Local Security Checks
low
135372Fedora 30 : glibc (2020-7f625c5ea8)NessusFedora Local Security Checks
medium
135264openSUSE Security Update : glibc (openSUSE-2020-467)NessusSuSE Local Security Checks
low
135209Fedora 31 : glibc (2020-244efc27af)NessusFedora Local Security Checks
medium
135165SUSE SLES12 Security Update : glibc (SUSE-SU-2020:0832-1)NessusSuSE Local Security Checks
medium