CVE-2020-1752

Priority
Description
A use-after-free vulnerability introduced in glibc upstream version 2.14
was found in the way the tilde expansion was carried out. Directory paths
containing an initial tilde followed by a valid username were affected by
this issue. A local attacker could exploit this flaw by creating a
specially crafted path that, when processed by the glob function, would
potentially lead to arbitrary code execution. This was fixed in version
2.32.
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Source: glibc (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (2.23-0ubuntu11.2)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.27-3ubuntu1.2)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (2.31-0ubuntu9)
Ubuntu 20.10 (Groovy Gorilla):not-affected (2.31-0ubuntu9)
Patches:
Upstream:https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c
More Information

Updated: 2020-07-28 19:04:01 UTC (commit 7b6828437fde0509248708fcdb5b0f7587b85bd1)