Vulnerability CVE-2020-1752: Information

Description

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.

Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-1752
Published: April 30, 2020
Modified: Nov. 7, 2023
Error type identifier: CWE-416

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
glibcsisyphus2.30-alt22.38.0.76.e9f05fa1c6-alt1ALT-PU-2020-2070-1252278Fixed
glibcsisyphus_e2k2.35.0.234.3f63f9dfe1-alt1.E2K.27.020.22.35.0.234.3f63f9dfe1-alt1.E2K.27.020.4ALT-PU-2024-1492-1-Fixed
glibcsisyphus_riscv642.34.0.39.024a7-alt1.rv642.38.0.66.ge1135387de-alt1ALT-PU-2021-4728-1-Fixed
glibcp102.30-alt22.32-alt5.p10.3ALT-PU-2020-2070-1252278Fixed
glibcp92.27-alt132.27-alt14ALT-PU-2020-3401-1261868Fixed
glibcc10f12.30-alt22.32-alt5.p10.3ALT-PU-2020-2070-1252278Fixed
glibcc9f22.27-alt132.27-alt14ALT-PU-2020-3327-1261895Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=25414
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20200511-0005/
  • Third Party Advisory
USN-4416-1
  • Third Party Advisory
GLSA-202101-20
  • Third Party Advisory
[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update
  • Mailing List
  • Third Party Advisory
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ddc650e9b3dc916eab417ce9f79e67337b05035c
    [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
      [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8

          1. Configuration 1

            cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
            End excliding
            2.32.0

            Configuration 2

            cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
            cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
            cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

            Configuration 3

            cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
            cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
            Start including
            9.5
            cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
            cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*

            Configuration 4

            cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
            Running on/with:
            cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

            Configuration 5

            cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
        Version: v24.5.1
        Back to top