CVE-2020-11937

Summary

In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.

Affected Software

VendorProductVersion RangeStatus
Canonicalwhoopsie0.2.52 < 0.2.52.5ubuntu0.5affected
Canonicalwhoopsie0.2.62 < 0.2.62ubuntu0.5affected
Canonicalwhoopsie0.2.69 < 0.2.69ubuntu0.1affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

References