Vulnerability Details CVE-2020-11937
In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.4%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
Products affected by CVE-2020-11937
- cpe:2.3:a:canonical:whoopsie:0.2.49
- cpe:2.3:a:canonical:whoopsie:0.2.50
- cpe:2.3:a:canonical:whoopsie:0.2.51
- cpe:2.3:a:canonical:whoopsie:0.2.52
- cpe:2.3:a:canonical:whoopsie:0.2.52.1
- cpe:2.3:a:canonical:whoopsie:0.2.52.2
- cpe:2.3:a:canonical:whoopsie:0.2.52.3
- cpe:2.3:a:canonical:whoopsie:0.2.52.4
- cpe:2.3:a:canonical:whoopsie:0.2.52.5
- cpe:2.3:a:canonical:whoopsie:0.2.52.5ubuntu0.1
- cpe:2.3:a:canonical:whoopsie:0.2.52.5ubuntu0.2
- cpe:2.3:a:canonical:whoopsie:0.2.52.5ubuntu0.3
- cpe:2.3:a:canonical:whoopsie:0.2.52.5ubuntu0.4
- cpe:2.3:a:canonical:whoopsie:0.2.58
- cpe:2.3:a:canonical:whoopsie:0.2.59
- cpe:2.3:a:canonical:whoopsie:0.2.59build1
- cpe:2.3:a:canonical:whoopsie:0.2.60
- cpe:2.3:a:canonical:whoopsie:0.2.61
- cpe:2.3:a:canonical:whoopsie:0.2.62
- cpe:2.3:a:canonical:whoopsie:0.2.62ubuntu0.1
- cpe:2.3:a:canonical:whoopsie:0.2.62ubuntu0.2
- cpe:2.3:a:canonical:whoopsie:0.2.62ubuntu0.3
- cpe:2.3:a:canonical:whoopsie:0.2.62ubuntu0.4
- cpe:2.3:a:canonical:whoopsie:0.2.66
- cpe:2.3:a:canonical:whoopsie:0.2.67
- cpe:2.3:a:canonical:whoopsie:0.2.68
- cpe:2.3:a:canonical:whoopsie:0.2.69
- cpe:2.3:o:canonical:ubuntu_linux:16.04
- cpe:2.3:o:canonical:ubuntu_linux:18.04
- cpe:2.3:o:canonical:ubuntu_linux:20.04