UBUNTU-CVE-2020-28928

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2020-28928

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-28928.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-28928

Related

Published

2020-11-24T18:15:00Z

Modified

2020-11-24T18:15:00Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).

References

Affected packages

Ubuntu:Pro:14.04:LTS / musl

Package

Name: musl
Purl: pkg:deb/ubuntu/musl@0.9.15-1ubuntu0.1~esm2?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.15-1ubuntu0.1~esm2

Affected versions

0.*

0.9.14-2

0.9.14-2ubuntu1

0.9.15-1

0.9.15-1ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "musl-dev": "0.9.15-1ubuntu0.1~esm2",
            "musl": "0.9.15-1ubuntu0.1~esm2",
            "musl-tools": "0.9.15-1ubuntu0.1~esm2"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / musl

Package

Name: musl
Purl: pkg:deb/ubuntu/musl@1.1.9-1ubuntu0.1~esm3?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.9-1ubuntu0.1~esm3

Affected versions

1.*

1.1.9-1

1.1.9-1ubuntu0.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "musl-dev": "1.1.9-1ubuntu0.1~esm3",
            "musl": "1.1.9-1ubuntu0.1~esm3",
            "musl-tools": "1.1.9-1ubuntu0.1~esm3"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / musl

Package

Name: musl
Purl: pkg:deb/ubuntu/musl@1.1.19-1ubuntu0.1~esm1?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.19-1ubuntu0.1~esm1

Affected versions

1.*

1.1.16-3

1.1.18-1

1.1.19-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "musl-dev": "1.1.19-1ubuntu0.1~esm1",
            "musl": "1.1.19-1ubuntu0.1~esm1",
            "musl-dbgsym": "1.1.19-1ubuntu0.1~esm1",
            "musl-tools": "1.1.19-1ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:20.04:LTS / musl

Package

Name: musl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.23-2build1

1.1.24-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / musl

Package

Name: musl
Purl: pkg:deb/ubuntu/musl@1.1.24-1ubuntu0.1~esm1?arch=src?distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.24-1ubuntu0.1~esm1

Affected versions

1.*

1.1.23-2build1

1.1.24-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "musl-dev": "1.1.24-1ubuntu0.1~esm1",
            "musl": "1.1.24-1ubuntu0.1~esm1",
            "musl-dbgsym": "1.1.24-1ubuntu0.1~esm1",
            "musl-tools": "1.1.24-1ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:22.04:LTS / musl

Package

Name: musl
Purl: pkg:deb/ubuntu/musl@1.2.2-4?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.2-4

Affected versions

1.*

1.2.2-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "musl-dev": "1.2.2-4",
            "musl": "1.2.2-4",
            "musl-dbgsym": "1.2.2-4",
            "musl-tools": "1.2.2-4"
        }
    ]
}

Ubuntu:24.04:LTS / musl

Package

Name: musl
Purl: pkg:deb/ubuntu/musl@1.2.3-1?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.3-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "musl-dev": "1.2.3-1",
            "musl": "1.2.3-1",
            "musl-dbgsym": "1.2.3-1",
            "musl-tools": "1.2.3-1"
        }
    ]
}