ArchLinux: 202011-29: musl: arbitrary code execution
Summary
The wcsnrtombs function in all musl libc versions up to 1.2.1 has been found to have multiple bugs in the handling of the destination buffer size when limiting the input character count, which can lead to an infinite loop with no progress (no overflow) or to writing past the end of the destination buffer.
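The contract the Summary describes (at most `nwc` input characters read, at most `n` bytes written) can be verified against an installed libc with a guarded destination buffer. This is an added example, not code from the advisory or from musl: it is a conformance check over constructed ASCII input, not a reproducer for the specific bug, and `check_wcsnrtombs` and `sweep_wcsnrtombs` are hypothetical helper names.

```c
#define _POSIX_C_SOURCE 200809L   /* declares wcsnrtombs() and alarm() */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <wchar.h>

#define CAP   32     /* largest destination size exercised */
#define PAD   16     /* guard bytes placed after the destination */
#define GUARD 0xA5
/* Returns 0 when the call honoured both limits, otherwise a code naming the
   violated property. Input must be ASCII so that each wide character
   converts to exactly one byte in any locale. */
int check_wcsnrtombs(const wchar_t *in, size_t nwc, size_t n)
{
    unsigned char buf[CAP + PAD];
    const wchar_t *src = in;
    mbstate_t st;
    size_t want = wcslen(in), r, i;
    if (n > CAP) return -1;
    if (want > nwc) want = nwc;          /* input character limit */
    if (want > n) want = n;              /* destination byte limit */
    memset(buf, GUARD, sizeof buf);
    memset(&st, 0, sizeof st);
    r = wcsnrtombs((char *)buf, &src, nwc, n, &st);
    if (r != want) return 1;             /* wrong count, or (size_t)-1 */
    for (i = 0; i < r; i++)
        if (buf[i] != (unsigned char)in[i]) return 2;   /* wrong bytes */
    for (i = n; i < sizeof buf; i++)
        if (buf[i] != GUARD) return 3;   /* wrote past dst[n-1] */
    return 0;
}

/* Sweep every (nwc, n) pair around the length of a constructed sample. */
int sweep_wcsnrtombs(void)
{
    static const wchar_t sample[] = L"musl-test";   /* constructed, 9 chars */
    int failures = 0;
    for (size_t nwc = 0; nwc <= 12; nwc++)
        for (size_t n = 0; n <= 12; n++)
            if (check_wcsnrtombs(sample, nwc, n) != 0) failures++;
    return failures;
}

int main(void)
{
    alarm(5);   /* a call that loops without progress is killed by SIGALRM */
    int f = sweep_wcsnrtombs();
    printf("%d failing (nwc, n) pairs\n", f);
    return f != 0;
}
```

A clean run only shows that these combinations behave correctly; the installed package version remains the authoritative check.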
Resolution
Upgrade to 1.2.1-2.
# pacman -Syu "musl>=1.2.1-2"
The problem has been fixed upstream but no release is available yet.
References
https://bugs.archlinux.org/task/68685
https://www.openwall.com/lists/musl/2020/11/19/1
https://security.archlinux.org/CVE-2020-28928
Workaround
None.