CVE-2020-11937

Published Aug 6, 2020

Last updated 3 years ago

CVSS medium 5.5

Overview

Description: In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.
Source: security@ubuntu.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-401
security@ubuntu.com: CWE-400

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.66:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09E0749D-E6A3-435F-858A-A39A240BB4AA"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.67:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "504E16DE-54EC-4433-8375-201C87A0B896"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.68:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7275B761-412E-432F-AF71-6629EF7F1F47"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.69:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD90AB7B-09C1-441D-B166-6F2E8CD567AF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.49:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C35A294-C8B5-4712-9F02-233122304700"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.50:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "957BB83B-EBFD-4004-A633-93C98B93CFCF"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.51:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4DA392F-66B5-4C4A-A5AB-E0AF952FA1A0"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.52:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CC98E67-1E2E-4D98-A1A2-BDAC09D1E165"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.52.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEB34AAE-4865-45B1-BC7D-D5BCED403621"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.52.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2202D046-99CD-4C16-987A-A7F3C59E9ADA"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.52.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AD216EA-F5E6-4710-9B20-F2194B16A1B7"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.52.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0F185B9-A9A5-43CF-ABB3-AE0B3C4DE41F"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.52.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C49AD78B-B66A-461F-B50B-C8CD54B8B21D"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.52.5ubuntu0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F25EE5B-A672-49F2-A01E-19DD64E70DF2"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.52.5ubuntu0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DC8E92D-37E4-460F-A58E-1B8AF9D06720"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.52.5ubuntu0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F8F849C-655F-483B-81EE-9D89AA0B887B"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.52.5ubuntu0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58DDE289-EAE9-4153-B5D6-54882ACCEC9E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.58:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D620E03B-85CD-4FDD-9F66-8B1A15E04128"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.59:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22CAD71F-EC0F-4D3F-BC3B-354FF80982A7"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.59build1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4F973C2-3645-4AF5-B220-E0D913586740"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.60:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F7176C9-744F-4D1E-8DFB-358F72F170DB"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.61:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B0C07D9-5A53-4385-A018-42116C44614B"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.62:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D98EFFD-CD23-485C-B153-25A3CE784D31"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.62ubuntu0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63AE4686-F26C-4E0E-9528-8A65105F1D6F"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.62ubuntu0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D403650-F9AE-466C-B344-43CC88397DED"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.62ubuntu0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6CD4D53-D541-4ACD-939D-90926AED1A75"
          },
          {
            "criteria": "cpe:2.3:a:canonical:whoopsie:0.2.62ubuntu0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1671DFB-F35F-41A9-A634-D90661D31FC0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References