In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.
References
Link | Resource |
---|---|
https://github.com/sungjungk/whoopsie_killer | Exploit Third Party Advisory |
https://launchpad.net/bugs/1881982 | Exploit Issue Tracking Third Party Advisory |
https://usn.ubuntu.com/4450-1 | Vendor Advisory |
https://usn.ubuntu.com/4450-1/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
13 Sep 2021, 14:27
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-401 | |
References | (UBUNTU) https://usn.ubuntu.com/4450-1/ - Third Party Advisory |
Information
Published : 2020-08-06 23:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-11937
Mitre link : CVE-2020-11937
CVE.ORG link : CVE-2020-11937
JSON object : View
Products Affected
canonical
- whoopsie
- ubuntu_linux