CVE-2020-6096
Description
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the num parameter results in a signed comparison vulnerability. If an attacker underflows the num parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| GNU C Library (USN-5310-1) libc6_2.27-3ubuntu1.5_i386.deb | Linux |
| GNU C Library (USN-5310-1) libc6_2.27-3ubuntu1.5_amd64.deb | Linux |
| GNU C Library (USN-5310-1) libc6_2.31-0ubuntu9.9_i386.deb | Linux |
| GNU C Library (USN-5310-1) libc6_2.31-0ubuntu9.7_amd64.deb | Linux |
| GNU C Library (USN-5310-1) libc6_2.34-0ubuntu3.2_i386.deb | Linux |
| GNU C Library (USN-5310-1) libc6_2.34-0ubuntu3.2_amd64.deb | Linux |
| GNU C Library (USN-4954-1) libc6_2.23-0ubuntu11.3_i386.deb | Linux |
| GNU C Library (USN-4954-1) libc6_2.23-0ubuntu11.3_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234