CVE-2020-1752

NameCVE-2020-1752
DescriptionA use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3152-1
Debian Bugs953788

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
glibc (PTS)buster2.28-10+deb10u1vulnerable
buster (security)2.28-10+deb10u3fixed
bullseye2.31-13+deb11u8fixed
bullseye (security)2.31-13+deb11u10fixed
bookworm2.36-9+deb12u4fixed
bookworm (security)2.36-9+deb12u7fixed
trixie2.38-12fixed
sid2.38-13fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
glibcsourcebuster2.28-10+deb10u2DLA-3152-1
glibcsource(unstable)2.30-3953788

Notes

https://sourceware.org/bugzilla/show_bug.cgi?id=25414
Introduced in: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f2962a71959fd254a7a223437ca4b63b9e81130c (2.14)
Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c

Search for package or bug name: Reporting problems