PublicDateAtUSN: 2020-06-11
Candidate: CVE-2020-11937
PublicDate: 2020-08-06 23:15:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11937
 https://github.com/sungjungk/whoopsie_killer
 https://ubuntu.com/security/notices/USN-4450-1
Description:
 In whoopsie, parse_report() from whoopsie.c allows a local attacker to
 cause a denial of service via a crafted file. The DoS is caused by resource
 exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5,
 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.
Ubuntu-Description: 
Notes: 
Mitigation: 
Bugs: 
 https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1881982
Priority: medium
Discovered-by: Seong-Joong Kim
Assigned-to: mdeslaur
CVSS:
 ubuntu: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [6.2 MEDIUM]
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_whoopsie:
upstream_whoopsie: needs-triage
precise/esm_whoopsie: DNE
trusty_whoopsie: ignored (out of standard support)
trusty/esm_whoopsie: DNE
xenial_whoopsie: released (0.2.52.5ubuntu0.5)
esm-infra/xenial_whoopsie: released (0.2.52.5ubuntu0.5)
bionic_whoopsie: released (0.2.62ubuntu0.5)
eoan_whoopsie: ignored (reached end-of-life)
focal_whoopsie: released (0.2.69ubuntu0.1)
devel_whoopsie: released (0.2.71)