Use-After-Free Vulnerability in glibc Affecting Directory Path Handling
CVE-2020-1752
7 HIGH
Summary
A use-after-free vulnerability was identified in glibc in the handling of directory paths that contain an initial tilde followed by a valid username. A local attacker could exploit this issue by crafting a malicious path that, when processed by the glob function, may lead to arbitrary code execution. This vulnerability affects glibc versions prior to 2.32 and highlights the importance of keeping libraries up to date to mitigate such security risks.
Affected Version(s)
glibc Affected: versions 2.14 and later
glibc Fixed: version 2.32
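A defensive check for the two facts above, added here as an example and not taken from glibc or from this advisory: it tests a version string against the listed range (2.14 up to the fixed 2.32) and refuses "~user" prefixes before an untrusted pattern reaches glob(). The names version_in_affected_range, has_tilde_user_prefix and guarded_glob are hypothetical, and the version test assumes no vendor backport.

```c
#include <glob.h>
#include <stdio.h>
#ifdef __GLIBC__
#include <gnu/libc-version.h>
#endif

/* 1 if "major.minor" lies in the range this page lists as affected
 * (2.14 up to, not including, the fixed 2.32); 0 if not; -1 if unparsable.
 * Assumption: distributions may backport the fix, so treat a hit as
 * "check the vendor advisory", not as proof of exposure. */
int version_in_affected_range(const char *ver)
{
    int major, minor;
    if (ver == NULL || sscanf(ver, "%d.%d", &major, &minor) != 2)
        return -1;
    return major == 2 && minor >= 14 && minor < 32;
}

/* 1 if the pattern starts with '~' followed by a name ("~user", "~user/..."). */
int has_tilde_user_prefix(const char *pattern)
{
    return pattern != NULL && pattern[0] == '~' &&
           pattern[1] != '\0' && pattern[1] != '/';
}

/* Hypothetical wrapper for patterns from untrusted input: refuses "~user"
 * prefixes before glob() sees them, whatever flags (GLOB_TILDE included)
 * the caller passes. Returns -1 on refusal, otherwise glob()'s result. */
int guarded_glob(const char *pattern, int flags, glob_t *out)
{
    if (pattern == NULL || out == NULL || has_tilde_user_prefix(pattern))
        return -1;
    return glob(pattern, flags, NULL, out);
}

int main(void)
{
#ifdef __GLIBC__
    const char *v = gnu_get_libc_version();
    printf("glibc %s in listed range: %d\n", v, version_in_affected_range(v));
#endif
    glob_t g;
    printf("~root/* -> %d\n", guarded_glob("~root/*", 0, &g));
    return 0;
}
```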
CVSS V3.1
Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved