Signed Comparison Vulnerability in GNU glibc 2.30.9000 on ARMv7 Targets
CVE-2020-6096

8.1 HIGH

Key Information:

Vendor: GNU

CVE Published: 1 April 2020

What is CVE-2020-6096?

A signed comparison vulnerability exists in the memcpy() implementation of GNU glibc 2.30.9000 for the ARMv7 architecture. The flaw is triggered when a negative value is passed for the 'num' parameter, which leads to an underflow condition. The result is undefined behavior such as memory corruption, where the program may write data to out-of-bounds memory locations. Execution can continue after the corruption, potentially without the segmentation fault that would normally stop the program, which risks remote code execution or other severe security issues.
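An added illustration of the bug class described above, not glibc's ARMv7 code and not code from this page: a C model of a length check done with a signed versus an unsigned comparison, followed by a caller-side guard. The function names, the 64-byte threshold and the 32-bit modelling of the length are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Value a 32-bit register holds when read as signed (two's complement). */
static int64_t as_signed32(uint32_t v) {
    return v >= 0x80000000u ? (int64_t)v - 4294967296LL : (int64_t)v;
}

/* Bug class: the length is compared as signed, so a huge length looks
 * negative and takes the branch meant for short copies. */
static int small_path_signed(uint32_t len, uint32_t threshold) {
    return as_signed32(len) < as_signed32(threshold);
}

/* Correct form: a length is a count, so compare it as unsigned. */
static int small_path_unsigned(uint32_t len, uint32_t threshold) {
    return len < threshold;
}

/* Caller-side guard (hypothetical helper): reject negative or oversized
 * lengths before they are converted to size_t and reach memcpy(). */
static int checked_copy(void *dst, size_t dst_cap, const void *src,
                        size_t src_len, long long requested) {
    if (requested < 0) return -1;
    if ((unsigned long long)requested > dst_cap) return -1;
    if ((unsigned long long)requested > src_len) return -1;
    memcpy(dst, src, (size_t)requested);
    return 0;
}

int main(void) {
    uint32_t num = (uint32_t)-16;   /* constructed input: -16 as a 32-bit length */
    char dst[8] = {0};
    printf("num=0x%08x signed<64: %d unsigned<64: %d\n", (unsigned)num,
           small_path_signed(num, 64), small_path_unsigned(num, 64));
    printf("checked_copy(-16): %d\n",
           checked_copy(dst, sizeof dst, "abc", 4, -16));
    printf("checked_copy(4): %d\n",
           checked_copy(dst, sizeof dst, "abc", 4, 4));
    return 0;
}
```

The guard belongs at the point where an untrusted or computed length (for example the result of a subtraction) is still a signed value, before it is passed as the 'num' argument.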

Affected Version(s)

GNU glibc 2.30.9000

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
