ubuntu-cve-2020-6096
Vulnerability from osv_ubuntu
Published
2020-04-01 22:15
Modified
2026-04-22 07:39
Summary
Details
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.
Severity
8.1 (High)
8.1 (High)
N/A (UNKNOWN)
References
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "eglibc-source",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc-bin",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc-dev-bin",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-amd64",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-armel",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-dev-amd64",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-dev-armel",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-dev-i386",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-dev-x32",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-i386",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-pic",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-prof",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-x32",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "multiarch-support",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "nscd",
"binary_version": "2.19-0ubuntu6.15+esm4"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "eglibc",
"purl": "pkg:deb/ubuntu/eglibc@2.19-0ubuntu6.15+esm4?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.17-93ubuntu4",
"2.18-0ubuntu1",
"2.18-0ubuntu2",
"2.18-0ubuntu4",
"2.18-0ubuntu5",
"2.18-0ubuntu6",
"2.18-0ubuntu7",
"2.19-0ubuntu2",
"2.19-0ubuntu3",
"2.19-0ubuntu4",
"2.19-0ubuntu5",
"2.19-0ubuntu6",
"2.19-0ubuntu6.1",
"2.19-0ubuntu6.3",
"2.19-0ubuntu6.4",
"2.19-0ubuntu6.5",
"2.19-0ubuntu6.6",
"2.19-0ubuntu6.7",
"2.19-0ubuntu6.8",
"2.19-0ubuntu6.9",
"2.19-0ubuntu6.10",
"2.19-0ubuntu6.11",
"2.19-0ubuntu6.13",
"2.19-0ubuntu6.14",
"2.19-0ubuntu6.15",
"2.19-0ubuntu6.15+esm1",
"2.19-0ubuntu6.15+esm2",
"2.19-0ubuntu6.15+esm3",
"2.19-0ubuntu6.15+esm4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "glibc-source",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "libc-bin",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "libc-dev-bin",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "libc6",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "libc6-amd64",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "libc6-armel",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "libc6-dev-amd64",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "libc6-dev-armel",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "libc6-dev-i386",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "libc6-dev-ppc64",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "libc6-dev-s390",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "libc6-dev-x32",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "libc6-i386",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "libc6-pic",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "libc6-ppc64",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "libc6-s390",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "libc6-x32",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "locales",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "locales-all",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "multiarch-support",
"binary_version": "2.23-0ubuntu11.3"
},
{
"binary_name": "nscd",
"binary_version": "2.23-0ubuntu11.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "glibc",
"purl": "pkg:deb/ubuntu/glibc@2.23-0ubuntu11.3?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.23-0ubuntu11.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.21-0ubuntu4",
"2.21-0ubuntu5",
"2.21-0ubuntu6",
"2.23-0ubuntu1",
"2.23-0ubuntu2",
"2.23-0ubuntu3",
"2.23-0ubuntu4",
"2.23-0ubuntu5",
"2.23-0ubuntu6",
"2.23-0ubuntu7",
"2.23-0ubuntu9",
"2.23-0ubuntu10",
"2.23-0ubuntu11",
"2.23-0ubuntu11.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "glibc-source",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "libc-bin",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "libc-dev-bin",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "libc6",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "libc6-amd64",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "libc6-armel",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "libc6-dev-amd64",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "libc6-dev-armel",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "libc6-dev-i386",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "libc6-dev-s390",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "libc6-dev-x32",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "libc6-i386",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "libc6-lse",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "libc6-pic",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "libc6-s390",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "libc6-x32",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "locales",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "locales-all",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "multiarch-support",
"binary_version": "2.27-3ubuntu1.5"
},
{
"binary_name": "nscd",
"binary_version": "2.27-3ubuntu1.5"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "glibc",
"purl": "pkg:deb/ubuntu/glibc@2.27-3ubuntu1.5?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.27-3ubuntu1.5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.26-0ubuntu2",
"2.26-0ubuntu2.1",
"2.27-0ubuntu2",
"2.27-0ubuntu3",
"2.27-3ubuntu1",
"2.27-3ubuntu1.2",
"2.27-3ubuntu1.3",
"2.27-3ubuntu1.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "glibc-source",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "libc-bin",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "libc-dev-bin",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "libc6",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "libc6-amd64",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "libc6-armel",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "libc6-dev-amd64",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "libc6-dev-armel",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "libc6-dev-i386",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "libc6-dev-s390",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "libc6-dev-x32",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "libc6-i386",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "libc6-lse",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "libc6-pic",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "libc6-prof",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "libc6-s390",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "libc6-x32",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "locales",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "locales-all",
"binary_version": "2.31-0ubuntu9.7"
},
{
"binary_name": "nscd",
"binary_version": "2.31-0ubuntu9.7"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "glibc",
"purl": "pkg:deb/ubuntu/glibc@2.31-0ubuntu9.7?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.31-0ubuntu9.7"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.30-0ubuntu2",
"2.30-0ubuntu3",
"2.31-0ubuntu5",
"2.31-0ubuntu6",
"2.31-0ubuntu7",
"2.31-0ubuntu9",
"2.31-0ubuntu9.1",
"2.31-0ubuntu9.2",
"2.31-0ubuntu9.3"
]
}
],
"aliases": [],
"details": "An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the \u0027num\u0027 parameter results in a signed comparison vulnerability. If an attacker underflows the \u0027num\u0027 parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.",
"id": "UBUNTU-CVE-2020-6096",
"modified": "2026-04-22T07:39:18Z",
"published": "2020-04-01T22:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-6096"
},
{
"type": "REPORT",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4954-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5310-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6096"
}
],
"related": [
"USN-4954-1",
"USN-5310-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2020-6096"
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…