Use After Free

Affecting glibc package, versions *

Report new vulnerabilities
Do your applications use this vulnerable package? Test your applications

Overview

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.

References

CVSS Score

7.0
high severity
  • Attack Vector
    Local
  • Attack Complexity
    High
  • Privileges Required
    None
  • User Interaction
    Required
  • Scope
    Unchanged
  • Confidentiality
    High
  • Integrity
    High
  • Availability
    High
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE
CVE-2020-1752
CWE
CWE-416
Snyk ID
SNYK-DEBIAN9-GLIBC-559495
Disclosed
30 Apr, 2020
Published
07 Mar, 2020