CVE-2020-6096

EPSS 4.07%
Published 01.04.2020 22:15:18
Last modified 21.11.2024 05:35:05
Source talos-cna@cisco.com
Teams watchlist Login
Open Login

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.

Affected products Warnungen 0 Metrics 4 CWE 3 References 10

Data is provided by the National Vulnerability Database (NVD)

Gnu ≫ Glibc Version <= 2.31

Fedoraproject ≫ Fedora Version31

Fedoraproject ≫ Fedora Version32

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.07%	0.881

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
talos-cna@cisco.com	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

CWE-195 Signed to Unsigned Conversion Error

The product uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not be represented using an unsigned primitive.

CWE-681 Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html

Third Party Advisory

Mailing List

https://security.gentoo.org/glsa/202101-20

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPYXTDOOB4PQGTYAMZAZNJIB3FF6YQXI/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URXOIA2LDUKHQXK4BE55BQBRI6ZZG3Y6/

https://sourceware.org/bugzilla/show_bug.cgi?id=25620

Third Party Advisory

Issue Tracking

https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1019

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-6096

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-6096

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-6096

EUVD