Arch Linux Security Advisory ASA-202011-29
==========================================
Severity: Medium
Date    : 2020-11-26
CVE-ID  : CVE-2020-28928
Package : musl
Type    : arbitrary code execution
Remote  : No
Link    : https://security.archlinux.org/AVG-1287

Summary
=======
The package musl before version 1.2.1-2 is vulnerable to arbitrary code
execution.

Resolution
==========
Upgrade to 1.2.1-2.

# pacman -Syu "musl>=1.2.1-2"

The problem has been fixed upstream but no release is available yet.

Workaround
==========
None.

Description
===========
The wcsnrtombs function in all musl libc versions up to 1.2.1 has been
found to have multiple bugs in the handling of the destination buffer
size when limiting the input character count, which can lead to an
infinite loop with no progress (no overflow) or to writing past the end
of the destination buffer.
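
A bounds check for the contract described above, as an added example that is not part of the advisory or of musl: it calls wcsnrtombs over constructed combinations of character limit and destination size, with canary bytes filling the buffer and an alarm covering the no-progress case. The helper name, the input and the sweep ranges are assumptions, and the installed package version remains the authoritative check.

```c
#define _POSIX_C_SOURCE 200809L
#include <locale.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <wchar.h>

#define CANARY 0xA5

/* Hypothetical helper: returns 0 if wcsnrtombs never wrote outside the
 * first len bytes of dst and never reported more than len bytes, else -1.
 * Side effect: switches LC_CTYPE to a UTF-8 locale when one is available. */
int check_wcsnrtombs_bounds(void)
{
    /* Constructed input: 1-, 2- and 3-byte characters in UTF-8. */
    static const wchar_t wide_utf8[] =
        { L'a', 0x00E9, 0x20AC, L'b', 0x00E9, 0x20AC, L'c', 0 };
    static const wchar_t wide_ascii[] = L"abcdefg";
    int utf8 = setlocale(LC_CTYPE, "C.UTF-8") != NULL
            || setlocale(LC_CTYPE, "en_US.UTF-8") != NULL;
    const wchar_t *in = utf8 ? wide_utf8 : wide_ascii;
    size_t in_len = wcslen(in);
    unsigned char buf[64];
    int ok = 1;

    alarm(10); /* the no-progress loop never returns: let SIGALRM end the run */
    for (size_t nwc = 0; ok && nwc <= in_len + 1; nwc++) {
        for (size_t len = 0; ok && len <= 24; len++) {
            const wchar_t *src = in;
            mbstate_t st;
            memset(&st, 0, sizeof st);
            memset(buf, CANARY, sizeof buf);
            size_t r = wcsnrtombs((char *)buf, &src, nwc, len, &st);
            if (r != (size_t)-1 && r > len)
                ok = 0;               /* reported more bytes than allowed */
            for (size_t i = len; i < sizeof buf; i++)
                if (buf[i] != CANARY)
                    ok = 0;           /* wrote past the first len bytes */
        }
    }
    alarm(0);
    return ok ? 0 : -1;
}

int main(void)
{
    int rc = check_wcsnrtombs_bounds();
    puts(rc == 0 ? "wcsnrtombs stayed in bounds" : "wcsnrtombs wrote out of bounds");
    return rc == 0 ? 0 : 1;
}
```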

Impact
======
An attacker might be able to execute arbitrary code via crafted input
content.

References
==========
https://bugs.archlinux.org/task/68685
https://www.openwall.com/lists/musl/2020/11/19/1
https://security.archlinux.org/CVE-2020-28928

ArchLinux: 202011-29: musl: arbitrary code execution

December 5, 2020
