CVE-2020-11937

In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.

Published: Aug 7, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-11937
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-401

Affected Software
References

Software	From	Fixed in
canonical / whoopsie	0.2.66	0.2.66.x
canonical / whoopsie	0.2.67	0.2.67.x
canonical / whoopsie	0.2.68	0.2.68.x
canonical / whoopsie	0.2.69	0.2.69.x
canonical / whoopsie	0.2.49	0.2.49.x
canonical / whoopsie	0.2.50	0.2.50.x
canonical / whoopsie	0.2.51	0.2.51.x
canonical / whoopsie	0.2.52	0.2.52.x
canonical / whoopsie	0.2.52.1	0.2.52.1.x
canonical / whoopsie	0.2.52.2	0.2.52.2.x
canonical / whoopsie	0.2.52.3	0.2.52.3.x
canonical / whoopsie	0.2.52.4	0.2.52.4.x
canonical / whoopsie	0.2.52.5	0.2.52.5.x
canonical / whoopsie	0.2.52.5ubuntu0.1	0.2.52.5ubuntu0.1.x
canonical / whoopsie	0.2.52.5ubuntu0.2	0.2.52.5ubuntu0.2.x
canonical / whoopsie	0.2.52.5ubuntu0.3	0.2.52.5ubuntu0.3.x
canonical / whoopsie	0.2.52.5ubuntu0.4	0.2.52.5ubuntu0.4.x
canonical / whoopsie	0.2.58	0.2.58.x
canonical / whoopsie	0.2.59	0.2.59.x
canonical / whoopsie	0.2.59build1	0.2.59build1.x
canonical / whoopsie	0.2.60	0.2.60.x
canonical / whoopsie	0.2.61	0.2.61.x
canonical / whoopsie	0.2.62	0.2.62.x
canonical / whoopsie	0.2.62ubuntu0.1	0.2.62ubuntu0.1.x
canonical / whoopsie	0.2.62ubuntu0.2	0.2.62ubuntu0.2.x
canonical / whoopsie	0.2.62ubuntu0.3	0.2.62ubuntu0.3.x
canonical / whoopsie	0.2.62ubuntu0.4	0.2.62ubuntu0.4.x

Vulnerability Database

289,697

CVE-2020-11937