CVE-2020-11937
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Canonical | whoopsie | 0.2.52 < 0.2.52.5ubuntu0.5 | affected |
| Canonical | whoopsie | 0.2.62 < 0.2.62ubuntu0.5 | affected |
| Canonical | whoopsie | 0.2.69 < 0.2.69ubuntu0.1 | affected |
Weaknesses
- CWE-400: CWE-400 Uncontrolled Resource Consumption
ADP Enrichment
CVE Program Container
Additional References
- https://launchpad.net/bugs/1881982
- https://usn.ubuntu.com/4450-1
- https://github.com/sungjungk/whoopsie_killer
- https://usn.ubuntu.com/4450-1/
References
- https://launchpad.net/bugs/1881982
- https://usn.ubuntu.com/4450-1
- https://github.com/sungjungk/whoopsie_killer
- https://usn.ubuntu.com/4450-1/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.