Arch Linux Security Advisory ASA-202011-29
==========================================

Severity: Medium
Date    : 2020-11-26
CVE-ID  : CVE-2020-28928
Package : musl
Type    : arbitrary code execution
Remote  : No
Link    : https://security.archlinux.org/AVG-1287

Summary
=======

The package musl before version 1.2.1-2 is vulnerable to arbitrary code
execution.

Resolution
==========

Upgrade to 1.2.1-2.

# pacman -Syu "musl>=1.2.1-2"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

The wcsnrtombs function in all musl libc versions up to 1.2.1 has been
found to have multiple bugs in the handling of the destination buffer
size when limiting the input character count, which can lead to an
infinite loop with no progress (no overflow) or to writing past the end
of the destination buffer.

Impact
======

An attacker might be able to execute arbitrary code via crafted input
content.

References
==========

https://bugs.archlinux.org/task/68685
https://www.openwall.com/lists/musl/2020/11/19/1
https://git.musl-libc.org/cgit/musl/commit/?id=3ab2a4e02682df1382955071919d8aa3c3ec40d4
https://security.archlinux.org/CVE-2020-28928
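The Description section above turns on how wcsnrtombs reconciles its two limits, wn input characters and n destination bytes. As an added example that is not part of this advisory or of musl's source, the following C reference implementation keeps both limits honest in the shape the referenced upstream commit uses: each character is encoded into scratch space and copied only if it fits, so the destination can never be overrun, and every loop iteration either consumes a character or stops, so no input can stall it. The names encode_utf8 (a locale-independent stand-in for wcrtomb, so the block runs under any locale) and safe_wcsnrtombs, and the sample inputs in main, are this example's own assumptions.

```c
/* Added example, not part of the advisory or of musl: a reference
 * wcsnrtombs that honours both the input-count and output-size limits.
 * encode_utf8 and safe_wcsnrtombs are names chosen for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>

#define UTF8_MAX 4  /* longest encoding produced by encode_utf8 */

/* Locale-independent stand-in for wcrtomb: encode one code point as
 * UTF-8 into out (at least UTF8_MAX bytes).  Returns the byte count, or
 * (size_t)-1 for surrogates and values above U+10FFFF, mirroring the
 * EILSEQ failure signal of wcrtomb. */
static size_t encode_utf8(char *out, wchar_t wc)
{
    uint32_t c = (uint32_t)wc;
    if (c < 0x80) { out[0] = (char)c; return 1; }
    if (c < 0x800) {
        out[0] = (char)(0xC0 | (c >> 6));
        out[1] = (char)(0x80 | (c & 0x3F));
        return 2;
    }
    if (c >= 0xD800 && c <= 0xDFFF) return (size_t)-1;
    if (c < 0x10000) {
        out[0] = (char)(0xE0 | (c >> 12));
        out[1] = (char)(0x80 | ((c >> 6) & 0x3F));
        out[2] = (char)(0x80 | (c & 0x3F));
        return 3;
    }
    if (c <= 0x10FFFF) {
        out[0] = (char)(0xF0 | (c >> 18));
        out[1] = (char)(0x80 | ((c >> 12) & 0x3F));
        out[2] = (char)(0x80 | ((c >> 6) & 0x3F));
        out[3] = (char)(0x80 | (c & 0x3F));
        return 4;
    }
    return (size_t)-1;
}

/* Convert at most wn wide characters from *wcs into dst, writing at most
 * n bytes.  Each character is encoded into tmp first and copied only if
 * it fits, so a multibyte character that would straddle the end of dst
 * stops the conversion instead of overrunning it; each iteration either
 * consumes a character or breaks, so no input can loop forever.
 * Returns the bytes written (terminating NUL excluded) or (size_t)-1 on
 * an unencodable character.  With a non-NULL dst, *wcs is advanced past
 * the consumed input, or set to NULL once the NUL terminator has been
 * converted; with dst == NULL bytes are only counted and *wcs is kept. */
size_t safe_wcsnrtombs(char *dst, const wchar_t **wcs, size_t wn, size_t n)
{
    const wchar_t *ws = *wcs;
    size_t cnt = 0;
    char tmp[UTF8_MAX];

    if (!dst) n = 0;              /* counting mode: nothing is stored */

    while (ws && wn) {
        size_t l = encode_utf8(tmp, *ws);
        if (l == (size_t)-1) { cnt = (size_t)-1; break; }
        if (dst) {
            if (l > n) break;     /* would overrun dst: stop before it */
            memcpy(dst, tmp, l);
            dst += l;
            n -= l;
        }
        if (*ws == L'\0') { ws = NULL; break; }  /* terminator stored */
        ws++;
        wn--;
        cnt += l;
    }
    if (dst) *wcs = ws;
    return cnt;
}

int main(void)
{
    /* Constructed input: 5-character "hello" into a 3-byte buffer. */
    const wchar_t *src = L"hello";
    char buf[3];
    size_t r = safe_wcsnrtombs(buf, &src, 5, sizeof buf);
    printf("wrote %zu bytes, %zu input chars left unconverted\n",
           r, wcslen(src));

    /* Constructed input: 'a' then U+00E9 (2 bytes) into a 2-byte buffer;
     * the second character does not fit and must not be split. */
    const wchar_t in[] = { L'a', 0xE9, L'\0' };
    const wchar_t *p = in;
    r = safe_wcsnrtombs(buf, &p, 2, 2);
    printf("wrote %zu byte(s), stopped at input index %td\n", r, p - in);
    return 0;
}
```

A caller that hit a short buffer can resume by calling again with *wcs as the previous call left it, and the (size_t)-1 return must be checked before the count is used as a length, since it compares greater than any real buffer size.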