CVE-2020-28928 - log

CVE-2020-28928 edited at 21 Nov 2020 13:19:30
References
- https://www.openwall.com/lists/oss-security/2020/11/20/4
+ https://www.openwall.com/lists/musl/2020/11/19/1
https://git.musl-libc.org/cgit/musl/commit/?id=3ab2a4e02682df1382955071919d8aa3c3ec40d4
CVE-2020-28928 edited at 20 Nov 2020 12:30:19
Description
- The wcsnrtombs function in all musl libc versions up through 1.2.1 has been found to have multiple bugs in the handling of the destination buffer size when limiting the input character count, which can lead to an infinite loop with no progress (no overflow) or to writing past the end of the destination buffer.
+ The wcsnrtombs function in all musl libc versions up to 1.2.1 has been found to have multiple bugs in the handling of the destination buffer size when limiting the input character count, which can lead to an infinite loop with no progress (no overflow) or to writing past the end of the destination buffer.
CVE-2020-28928 edited at 20 Nov 2020 12:29:39
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ The wcsnrtombs function in all musl libc versions up through 1.2.1 has been found to have multiple bugs in the handling of the destination buffer size when limiting the input character count, which can lead to an infinite loop with no progress (no overflow) or to writing past the end of the destination buffer.
References
+ https://www.openwall.com/lists/oss-security/2020/11/20/4
+ https://git.musl-libc.org/cgit/musl/commit/?id=3ab2a4e02682df1382955071919d8aa3c3ec40d4
Notes
CVE-2020-28928 created at 20 Nov 2020 12:27:04