Resource exhaustion vulnerability in whoopsie
CVE-2020-11937

5.5MEDIUM

Key Information:

Vendor: Canonical
Status: Whoopsie
Vendor: CVE Published:; 6 August 2020

Summary

In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.

Affected Version(s)

whoopsie 0.2.52 < 0.2.52.5ubuntu0.5

whoopsie 0.2.62 < 0.2.62ubuntu0.5

whoopsie 0.2.69 < 0.2.69ubuntu0.1

References

https://launchpad.net/bugs/1881982

x_refsource_CONFIRM

https://usn.ubuntu.com/4450-1

x_refsource_CONFIRM

https://github.com/sungjungk/whoopsie_killer

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 6, 2020
Vulnerability Reserved
Apr 20, 2020

Credit

Seong-Joong Kim