Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Required

Privileges Required

None

Attack Vector

Local

0

CVE-2020-1752

Disclosure Date: April 30, 2020 •

CVE-2020-1752 CVSS v3 Base Score: 7.0

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.0 High

Impact Score:

5.9

Exploitability Score:

1

Vector:

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

High

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

canonical,
debian,
gnu,
netapp

Products

active iq unified manager,
debian linux 10.0,
glibc,
h410c firmware -,
hci management node -,
solidfire -,
steelstore cloud integrated storage -,
ubuntu linux 16.04,
ubuntu linux 18.04,
ubuntu linux 19.10

References

Canonical

CVE-2020-1752 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1752)

Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752

https://sourceware.org/bugzilla/show_bug.cgi?id=25414

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c

https://security.netapp.com/advisory/ntap-20200511-0005

USN-4416-1 (https://usn.ubuntu.com/4416-1)

https://security.netapp.com/advisory/ntap-20200511-0005/

USN-4416-1 (https://usn.ubuntu.com/4416-1/)

GLSA-202101-20 (https://security.gentoo.org/glsa/202101-20)

[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 (https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E)

[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 (https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E)

[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update (https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html)

Rapid7

Technical Analysis