CVE-2020-11937
06.08.2020, 23:15
In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.Enginsight
| Vendor | Product | Version |
|---|---|---|
| canonical | whoopsie | 0.2.66 |
| canonical | whoopsie | 0.2.67 |
| canonical | whoopsie | 0.2.68 |
| canonical | whoopsie | 0.2.69 |
| canonical | whoopsie | 0.2.49 |
| canonical | whoopsie | 0.2.50 |
| canonical | whoopsie | 0.2.51 |
| canonical | whoopsie | 0.2.52 |
| canonical | whoopsie | 0.2.52.1 |
| canonical | whoopsie | 0.2.52.2 |
| canonical | whoopsie | 0.2.52.3 |
| canonical | whoopsie | 0.2.52.4 |
| canonical | whoopsie | 0.2.52.5 |
| canonical | whoopsie | 0.2.52.5ubuntu0.1:ubuntu0.1 |
| canonical | whoopsie | 0.2.52.5ubuntu0.2:ubuntu0.2 |
| canonical | whoopsie | 0.2.52.5ubuntu0.3:ubuntu0.3 |
| canonical | whoopsie | 0.2.52.5ubuntu0.4:ubuntu0.4 |
| canonical | whoopsie | 0.2.58 |
| canonical | whoopsie | 0.2.59 |
| canonical | whoopsie | 0.2.59build1:build1 |
| canonical | whoopsie | 0.2.60 |
| canonical | whoopsie | 0.2.61 |
| canonical | whoopsie | 0.2.62 |
| canonical | whoopsie | 0.2.62ubuntu0.1:ubuntu0.1 |
| canonical | whoopsie | 0.2.62ubuntu0.2:ubuntu0.2 |
| canonical | whoopsie | 0.2.62ubuntu0.3:ubuntu0.3 |
| canonical | whoopsie | 0.2.62ubuntu0.4:ubuntu0.4 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
- CWE-400 - Uncontrolled Resource ConsumptionThe software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
- CWE-401 - Missing Release of Memory after Effective LifetimeThe software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.